
Create Initial cut at an early preview (machine generated) version of python SDK. (#15712)

* Created MAA GA API surface

* Added missing files

* Updated

* Updated track 2 multiapi Python SDK

* First cut at Python SDK

* Created

* Checkpoint

* Checkpoint

* Checkpoint - get policy test works

* Updated with current changes

* Renamed more fields

* Preview version of Python MAA SDK

* Updated readme

* CI error fixes

* Windows Py38 fix

* Missed one last interpolated string

* Use preparer decorator instead of original_env

* Switched to use decorator throughout

* Import x509 module separately

* Backed out mgmt changes accidentally included

* Updated to match master

* Resynced mgmt to exactly match master

* Updated - cleaned up recordings directory; fixed several typos

* Moved service implementation around

* Updated setup.py to reflect new location of SDK

* Updates for CI pipeline

* mdlint update

* Added azuresecurityattestation to ci.yml

* Added back __init__.py files

* Disable expiration time validation on JWTs

* Updated version to 0.1.0-preview.

* Version == 1.0.0b1

* More 1.0.0b1 changes

* Removed azure-security-nspkg for now

* Added azure-security-nspkg to dev requirements

* Missed one expiration time check

* Manifest and setup.py updates

* Added override for dependent package versions

* Possibly unconfuse pylint

* add data plane library to allowed pylint failures

* relative path to namespace package

* add security nspkg to shared requirements

Co-authored-by: iscai-msft <iscai@microsoft.com>
This commit is contained in:
Larry Osterman 2020-12-10 17:02:57 -08:00 committed by GitHub
Parent 1850a08233
Commit f13b42d4d1
No key found matching this signature
GPG key ID: 4AEE18F83AFDEB23
48 changed files: 4855 additions and 0 deletions

View file

@ -49,4 +49,5 @@ PYLINT_ACCEPTABLE_FAILURES = [
"azure-synapse-managedprivateendpoints",
"azure-synapse-nspkg",
"azure-ai-anomalydetector",
"azure-security-attestation",
]
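Review bot: "azure-security-attestation" is added to PYLINT_ACCEPTABLE_FAILURES with no comment or tracking reference, so a brand-new library ships exempt from lint and nothing signals when the exemption should end. Add a comment next to the entry that links an issue for removing it once the generated code passes pylint.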

View file

@ -0,0 +1,8 @@
# Release History
## 1.0.0b1 (2020-12-09)
Initial early preview release for MAA Data Plane SDK
Demonstrates use of the machine generated MAA APIs.
- Initial Release

View file

@ -0,0 +1,5 @@
recursive-include tests *.py *.yaml
include *.md
include azure/__init__.py
include azure/security/__init__.py

View file

@ -0,0 +1,49 @@
# Azure Attestation client library for Python
This is the Microsoft Azure Attestation Service Data Plane Client Library.
This package has been tested with Python 2.7, 3.5, 3.6, 3.7 and 3.8.
For a more complete view of Azure libraries, see the [azure sdk python release](https://aka.ms/azsdk/python/all).
# Getting started
For a rich example of a well formatted readme, please check [here.](https://github.com/Azure/azure-sdk/blob/master/docs/policies/README-TEMPLATE.md) In addition, this is an [example readme](https://github.com/Azure/azure-sdk/blob/master/docs/policies/README-EXAMPLE.md) that should be emulated. Note that the top-level sections in this template align with that of the [template.](https://github.com/Azure/azure-sdk/blob/master/docs/policies/README-TEMPLATE.md)
# Key concepts
This SDK provides the following functionality for the Microsoft Azure Attestation Service
* Microsoft Azure Attestation Enclave Attestation
* Attestation Policy Management APIs
* Attestation Policy Managemetn Certificate Management APIs.
# Examples
Examples of some of the key concepts for your library.
# Troubleshooting
Running into issues? This section should contain details as to what to do there.
# Next steps
More sample code should go here, along with links out to the appropriate example tests.
# Contributing
If you encounter any bugs or have suggestions, please file an issue in the [Issues](<https://github.com/Azure/azure-sdk-for-python/issues>) section of the project.
![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-python%2Fsdk%2Ftemplate%2Fazure-template%2FREADME.png)
# Usage
For code examples, see [Azure Attestation DataPlane](https://docs.microsoft.com/python/api/overview/azure/)
on docs.microsoft.com.
# Provide Feedback
If you encounter any bugs or have suggestions, please file an issue in the
[Issues](https://github.com/Azure/azure-sdk-for-python/issues)
section of the project.
![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-python%2Fazure-mgmt-attestation%2FREADME.png)
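Review bot: The "Getting started", "Examples", "Troubleshooting" and "Next steps" sections still carry the README template's placeholder text (for example "Examples of some of the key concepts for your library."), so the published package page tells users nothing about installing or calling the client. Replace them with real content or drop them for the preview. In the same file, fix "Managemetn" in the Key concepts list, merge the duplicated "Contributing" and "Provide Feedback" sections, and correct the two Impressions URLs, which point at azure-template and azure-mgmt-attestation rather than this package.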

View file

@ -0,0 +1 @@
__path__ = __import__('pkgutil').extend_path(__path__, __name__) # type: ignore

View file

@ -0,0 +1 @@
__path__ = __import__('pkgutil').extend_path(__path__, __name__) # type: ignore

View file

@ -0,0 +1,19 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from ._attestation_client import AttestationClient
from ._version import VERSION
__version__ = VERSION
__all__ = ['AttestationClient']
try:
from ._patch import patch_sdk # type: ignore
patch_sdk()
except ImportError:
pass
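Review bot: The `except ImportError: pass` around `from ._patch import patch_sdk` also swallows an ImportError raised from inside `_patch` itself, so a customization module with a broken import would be skipped silently and the client would run unpatched. Keep only the import inside the try block and call `patch_sdk()` after it, or at least log the exception, so that a present but failing `_patch` is distinguishable from an absent one.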

View file

@ -0,0 +1,86 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
from azure.core import PipelineClient
from msrest import Deserializer, Serializer
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any
from azure.core.credentials import TokenCredential
from ._configuration import AttestationClientConfiguration
from .operations import PolicyOperations
from .operations import PolicyCertificatesOperations
from .operations import AttestationOperations
from .operations import SigningCertificatesOperations
from .operations import MetadataConfigurationOperations
from . import models
class AttestationClient(object):
"""Describes the interface for the per-tenant enclave service.
:ivar policy: PolicyOperations operations
:vartype policy: azure.security.attestation.operations.PolicyOperations
:ivar policy_certificates: PolicyCertificatesOperations operations
:vartype policy_certificates: azure.security.attestation.operations.PolicyCertificatesOperations
:ivar attestation: AttestationOperations operations
:vartype attestation: azure.security.attestation.operations.AttestationOperations
:ivar signing_certificates: SigningCertificatesOperations operations
:vartype signing_certificates: azure.security.attestation.operations.SigningCertificatesOperations
:ivar metadata_configuration: MetadataConfigurationOperations operations
:vartype metadata_configuration: azure.security.attestation.operations.MetadataConfigurationOperations
:param credential: Credential needed for the client to connect to Azure.
:type credential: ~azure.core.credentials.TokenCredential
:param instance_url: The attestation instance base URI, for example https://mytenant.attest.azure.net.
:type instance_url: str
"""
def __init__(
self,
credential, # type: "TokenCredential"
instance_url, # type: str
**kwargs # type: Any
):
# type: (...) -> None
base_url = '{instanceUrl}'
self._config = AttestationClientConfiguration(credential, instance_url, **kwargs)
self._client = PipelineClient(base_url=base_url, config=self._config, **kwargs)
client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)}
self._serialize = Serializer(client_models)
self._serialize.client_side_validation = False
self._deserialize = Deserializer(client_models)
self.policy = PolicyOperations(
self._client, self._config, self._serialize, self._deserialize)
self.policy_certificates = PolicyCertificatesOperations(
self._client, self._config, self._serialize, self._deserialize)
self.attestation = AttestationOperations(
self._client, self._config, self._serialize, self._deserialize)
self.signing_certificates = SigningCertificatesOperations(
self._client, self._config, self._serialize, self._deserialize)
self.metadata_configuration = MetadataConfigurationOperations(
self._client, self._config, self._serialize, self._deserialize)
def close(self):
# type: () -> None
self._client.close()
def __enter__(self):
# type: () -> AttestationClient
self._client.__enter__()
return self
def __exit__(self, *exc_details):
# type: (Any) -> None
self._client.__exit__(*exc_details)
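Review bot: `self._serialize.client_side_validation = False` in `__init__` switches off the serializer's client-side validation for every operation group, and neither the class docstring nor a comment says so. If this is the generator default, add a one-line comment stating that request models are validated only by the service. The docstring should also describe what `**kwargs` accepts, since the same dictionary is forwarded to both `AttestationClientConfiguration` and `PipelineClient`.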

View file

@ -0,0 +1,70 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
from azure.core.configuration import Configuration
from azure.core.pipeline import policies
from ._version import VERSION
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any
from azure.core.credentials import TokenCredential
class AttestationClientConfiguration(Configuration):
"""Configuration for AttestationClient.
Note that all parameters used to create this instance are saved as instance
attributes.
:param credential: Credential needed for the client to connect to Azure.
:type credential: ~azure.core.credentials.TokenCredential
:param instance_url: The attestation instance base URI, for example https://mytenant.attest.azure.net.
:type instance_url: str
"""
def __init__(
self,
credential, # type: "TokenCredential"
instance_url, # type: str
**kwargs # type: Any
):
# type: (...) -> None
if credential is None:
raise ValueError("Parameter 'credential' must not be None.")
if instance_url is None:
raise ValueError("Parameter 'instance_url' must not be None.")
super(AttestationClientConfiguration, self).__init__(**kwargs)
self.credential = credential
self.instance_url = instance_url
self.api_version = "2020-10-01"
self.credential_scopes = kwargs.pop('credential_scopes', ['https://attest.azure.net/.default'])
kwargs.setdefault('sdk_moniker', 'security-attestation/{}'.format(VERSION))
self._configure(**kwargs)
def _configure(
self,
**kwargs # type: Any
):
# type: (...) -> None
self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs)
self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs)
self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs)
self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs)
self.http_logging_policy = kwargs.get('http_logging_policy') or policies.HttpLoggingPolicy(**kwargs)
self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs)
self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs)
self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs)
self.authentication_policy = kwargs.get('authentication_policy')
if self.credential and not self.authentication_policy:
self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
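Review bot: `instance_url` is checked only for None in `__init__`, yet it is the endpoint to which `BearerTokenCredentialPolicy` will send a token for the `https://attest.azure.net/.default` scope. Consider also rejecting values that are empty or do not start with `https://`, using a ValueError like the two existing checks, so a mistyped or plain-http endpoint fails at construction rather than on the first request.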

View file

@ -0,0 +1,9 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
VERSION = "1.0.0b1"

View file

@ -0,0 +1,10 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from ._attestation_client import AttestationClient
__all__ = ['AttestationClient']

View file

@ -0,0 +1,80 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, TYPE_CHECKING
from azure.core import AsyncPipelineClient
from msrest import Deserializer, Serializer
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from azure.core.credentials_async import AsyncTokenCredential
from ._configuration import AttestationClientConfiguration
from .operations import PolicyOperations
from .operations import PolicyCertificatesOperations
from .operations import AttestationOperations
from .operations import SigningCertificatesOperations
from .operations import MetadataConfigurationOperations
from .. import models
class AttestationClient(object):
"""Describes the interface for the per-tenant enclave service.
:ivar policy: PolicyOperations operations
:vartype policy: azure.security.attestation.aio.operations.PolicyOperations
:ivar policy_certificates: PolicyCertificatesOperations operations
:vartype policy_certificates: azure.security.attestation.aio.operations.PolicyCertificatesOperations
:ivar attestation: AttestationOperations operations
:vartype attestation: azure.security.attestation.aio.operations.AttestationOperations
:ivar signing_certificates: SigningCertificatesOperations operations
:vartype signing_certificates: azure.security.attestation.aio.operations.SigningCertificatesOperations
:ivar metadata_configuration: MetadataConfigurationOperations operations
:vartype metadata_configuration: azure.security.attestation.aio.operations.MetadataConfigurationOperations
:param credential: Credential needed for the client to connect to Azure.
:type credential: ~azure.core.credentials_async.AsyncTokenCredential
:param instance_url: The attestation instance base URI, for example https://mytenant.attest.azure.net.
:type instance_url: str
"""
def __init__(
self,
credential: "AsyncTokenCredential",
instance_url: str,
**kwargs: Any
) -> None:
base_url = '{instanceUrl}'
self._config = AttestationClientConfiguration(credential, instance_url, **kwargs)
self._client = AsyncPipelineClient(base_url=base_url, config=self._config, **kwargs)
client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)}
self._serialize = Serializer(client_models)
self._serialize.client_side_validation = False
self._deserialize = Deserializer(client_models)
self.policy = PolicyOperations(
self._client, self._config, self._serialize, self._deserialize)
self.policy_certificates = PolicyCertificatesOperations(
self._client, self._config, self._serialize, self._deserialize)
self.attestation = AttestationOperations(
self._client, self._config, self._serialize, self._deserialize)
self.signing_certificates = SigningCertificatesOperations(
self._client, self._config, self._serialize, self._deserialize)
self.metadata_configuration = MetadataConfigurationOperations(
self._client, self._config, self._serialize, self._deserialize)
async def close(self) -> None:
await self._client.close()
async def __aenter__(self) -> "AttestationClient":
await self._client.__aenter__()
return self
async def __aexit__(self, *exc_details) -> None:
await self._client.__aexit__(*exc_details)

View file

@ -0,0 +1,66 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, TYPE_CHECKING
from azure.core.configuration import Configuration
from azure.core.pipeline import policies
from .._version import VERSION
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from azure.core.credentials_async import AsyncTokenCredential
class AttestationClientConfiguration(Configuration):
"""Configuration for AttestationClient.
Note that all parameters used to create this instance are saved as instance
attributes.
:param credential: Credential needed for the client to connect to Azure.
:type credential: ~azure.core.credentials_async.AsyncTokenCredential
:param instance_url: The attestation instance base URI, for example https://mytenant.attest.azure.net.
:type instance_url: str
"""
def __init__(
self,
credential: "AsyncTokenCredential",
instance_url: str,
**kwargs: Any
) -> None:
if credential is None:
raise ValueError("Parameter 'credential' must not be None.")
if instance_url is None:
raise ValueError("Parameter 'instance_url' must not be None.")
super(AttestationClientConfiguration, self).__init__(**kwargs)
self.credential = credential
self.instance_url = instance_url
self.api_version = "2020-10-01"
self.credential_scopes = kwargs.pop('credential_scopes', ['https://attest.azure.net/.default'])
kwargs.setdefault('sdk_moniker', 'security-attestation/{}'.format(VERSION))
self._configure(**kwargs)
def _configure(
self,
**kwargs: Any
) -> None:
self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs)
self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs)
self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs)
self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs)
self.http_logging_policy = kwargs.get('http_logging_policy') or policies.HttpLoggingPolicy(**kwargs)
self.retry_policy = kwargs.get('retry_policy') or policies.AsyncRetryPolicy(**kwargs)
self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs)
self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs)
self.authentication_policy = kwargs.get('authentication_policy')
if self.credential and not self.authentication_policy:
self.authentication_policy = policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
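Review bot: `kwargs.pop('credential_scopes', ...)` runs after `super(AttestationClientConfiguration, self).__init__(**kwargs)`, so the base Configuration still receives `credential_scopes`; pop it before the super call if it is not meant for the base class. In `_configure`, `if self.credential and not self.authentication_policy` re-tests `self.credential` although `__init__` has already raised for None, so testing only `not self.authentication_policy` would read more clearly.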

View file

@ -0,0 +1,21 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from ._policy_operations import PolicyOperations
from ._policy_certificates_operations import PolicyCertificatesOperations
from ._attestation_operations import AttestationOperations
from ._signing_certificates_operations import SigningCertificatesOperations
from ._metadata_configuration_operations import MetadataConfigurationOperations
__all__ = [
'PolicyOperations',
'PolicyCertificatesOperations',
'AttestationOperations',
'SigningCertificatesOperations',
'MetadataConfigurationOperations',
]

View file

@ -0,0 +1,228 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, Callable, Dict, Generic, Optional, TypeVar
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from ... import models as _models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class AttestationOperations:
"""AttestationOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
async def attest_open_enclave(
self,
request: "_models.AttestOpenEnclaveRequest",
**kwargs
) -> "_models.AttestationResponse":
"""Attest to an SGX enclave.
Processes an OpenEnclave report , producing an artifact. The type of artifact produced is
dependent upon attestation policy.
:param request: Request object containing the quote.
:type request: ~azure.security.attestation.models.AttestOpenEnclaveRequest
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AttestationResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.AttestationResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.AttestationResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.attest_open_enclave.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(request, 'AttestOpenEnclaveRequest')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('AttestationResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
attest_open_enclave.metadata = {'url': '/attest/OpenEnclave'} # type: ignore
async def attest_sgx_enclave(
self,
request: "_models.AttestSgxEnclaveRequest",
**kwargs
) -> "_models.AttestationResponse":
"""Attest to an SGX enclave.
Processes an SGX enclave quote, producing an artifact. The type of artifact produced is
dependent upon attestation policy.
:param request: Request object containing the quote.
:type request: ~azure.security.attestation.models.AttestSgxEnclaveRequest
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AttestationResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.AttestationResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.AttestationResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.attest_sgx_enclave.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(request, 'AttestSgxEnclaveRequest')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('AttestationResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
attest_sgx_enclave.metadata = {'url': '/attest/SgxEnclave'} # type: ignore
async def attest_tpm(
self,
data: Optional[bytes] = None,
**kwargs
) -> "_models.TpmAttestationResponse":
"""Attest a Virtualization-based Security (VBS) enclave.
Processes attestation evidence from a VBS enclave, producing an attestation result. The
attestation result produced is dependent upon the attestation policy.
:param data: Protocol data containing artifacts for attestation.
:type data: bytes
:keyword callable cls: A custom type or function that will be passed the direct response
:return: TpmAttestationResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.TpmAttestationResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.TpmAttestationResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
_request = _models.TpmAttestationRequest(data=data)
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.attest_tpm.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(_request, 'TpmAttestationRequest')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('TpmAttestationResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
attest_tpm.metadata = {'url': '/attest/Tpm'} # type: ignore
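Review bot: `attest_open_enclave`, `attest_sgx_enclave` and `attest_tpm` return the deserialized response as is, and their docstrings describe the result only as "an artifact", so a caller cannot tell from this API that nothing here verifies the returned attestation result. Say in the docstrings that validating the response is left to the caller. Smaller points in the same file: `request = self._client.post(...)` rebinds the `request` parameter in the first two methods (`attest_tpm` already avoids this with `_request`), the `attest_tpm` docstring describes a VBS enclave while the route is `/attest/Tpm`, and `Generic` and `warnings` are imported but unused.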

View file

@ -0,0 +1,91 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, Callable, Dict, Generic, Optional, TypeVar
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from ... import models as _models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class MetadataConfigurationOperations:
"""MetadataConfigurationOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
async def get(
self,
**kwargs
) -> object:
"""Retrieves the OpenID Configuration data for the Azure Attestation Service.
Retrieves metadata about the attestation signing keys in use by the attestation service.
:keyword callable cls: A custom type or function that will be passed the direct response
:return: object, or the result of cls(response)
:rtype: object
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[object]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('object', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/.well-known/openid-configuration'} # type: ignore
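
Review bot: `MetadataConfigurationOperations.get` is annotated `-> object` and deserializes the response with `self._deserialize('object', pipeline_response)`, so the OpenID configuration reaches callers as an untyped value with no documented shape. The docstring says this data describes the attestation signing keys, so callers will be reading fields out of it by string key to decide which keys to trust. Either deserialize into a typed model, or list the keys callers can rely on in the docstring so a missing or renamed field fails loudly instead of returning `None`. Because this is AutoRest output, the fix belongs in the API definition rather than in this file.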

@ -0,0 +1,219 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, Callable, Dict, Generic, Optional, TypeVar
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from ... import models as _models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class PolicyCertificatesOperations:
"""PolicyCertificatesOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
async def get(
self,
**kwargs
) -> "_models.PolicyCertificatesResponse":
"""Retrieves the set of certificates used to express policy for the current tenant.
Retrieves the set of certificates used to express policy for the current tenant.
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyCertificatesResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyCertificatesResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyCertificatesResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyCertificatesResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/certificates'} # type: ignore
async def add(
self,
policy_certificate_to_add: str,
**kwargs
) -> "_models.PolicyCertificatesModifyResponse":
"""Adds a new attestation policy certificate to the set of policy management certificates.
Adds a new attestation policy certificate to the set of policy management certificates.
:param policy_certificate_to_add: An RFC7519 JSON Web Token whose body is an RFC7517 JSON Web
Key object. The RFC7519 JWT must be signed with one of the existing signing certificates.
:type policy_certificate_to_add: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyCertificatesModifyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyCertificatesModifyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyCertificatesModifyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.add.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(policy_certificate_to_add, 'str')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyCertificatesModifyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
add.metadata = {'url': '/certificates:add'} # type: ignore
async def remove(
self,
policy_certificate_to_remove: str,
**kwargs
) -> "_models.PolicyCertificatesModifyResponse":
"""Removes the specified policy management certificate. Note that the final policy management certificate cannot be removed.
Removes the specified policy management certificate. Note that the final policy management
certificate cannot be removed.
:param policy_certificate_to_remove: An RFC7519 JSON Web Token whose body is an
AttestationCertificateManagementBody object. The RFC7519 JWT must be signed with one of the
existing signing certificates.
:type policy_certificate_to_remove: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyCertificatesModifyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyCertificatesModifyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyCertificatesModifyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.remove.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(policy_certificate_to_remove, 'str')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyCertificatesModifyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
remove.metadata = {'url': '/certificates:remove'} # type: ignore
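
Review bot: The docstrings for `add` and `remove` disagree about what the signed token carries: `add` says the JWT body is "an RFC7517 JSON Web Key object", while `remove` says it is "an AttestationCertificateManagementBody object". The model added later in this commit describes `AttestationCertificateManagementBody` as the body of the JWT used for the PolicyCertificates APIs, so the `add` text looks wrong and should match `remove`. Separately, both methods default `content_type` to `application/json` while passing the token through `self._serialize.body(..., 'str')`, whereas `PolicyOperations.set` and `reset` send their tokens as `text/plain`. Please confirm which encoding the service expects for these two endpoints and note it in the docstring, since a JSON-quoted string and a bare compact JWT are different request bodies.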

@ -0,0 +1,231 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, Callable, Dict, Generic, Optional, TypeVar, Union
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from ... import models as _models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class PolicyOperations:
"""PolicyOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
async def get(
self,
attestation_type: Union[str, "_models.AttestationType"],
**kwargs
) -> "_models.PolicyResponse":
"""Retrieves the current policy for an attestation type.
Retrieves the current policy for an attestation type.
:param attestation_type: Specifies the trusted execution environment to be used to validate the
evidence.
:type attestation_type: str or ~azure.security.attestation.models.AttestationType
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
'attestationType': self._serialize.url("attestation_type", attestation_type, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/policies/{attestationType}'} # type: ignore
async def set(
self,
attestation_type: Union[str, "_models.AttestationType"],
new_attestation_policy: str,
**kwargs
) -> "_models.PolicyResponse":
"""Sets the policy for a given attestation type.
Sets the policy for a given attestation type.
:param attestation_type: Specifies the trusted execution environment to be used to validate the
evidence.
:type attestation_type: str or ~azure.security.attestation.models.AttestationType
:param new_attestation_policy: JWT Expressing the new policy whose body is a
StoredAttestationPolicy object.
:type new_attestation_policy: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "text/plain")
accept = "application/json"
# Construct URL
url = self.set.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
'attestationType': self._serialize.url("attestation_type", attestation_type, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(new_attestation_policy, 'str')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
set.metadata = {'url': '/policies/{attestationType}'} # type: ignore
async def reset(
self,
attestation_type: Union[str, "_models.AttestationType"],
policy_jws: str,
**kwargs
) -> "_models.PolicyResponse":
"""Resets the attestation policy for the specified tenant and reverts to the default policy.
Resets the attestation policy for the specified tenant and reverts to the default policy.
:param attestation_type: Specifies the trusted execution environment to be used to validate the
evidence.
:type attestation_type: str or ~azure.security.attestation.models.AttestationType
:param policy_jws: JSON Web Signature with an empty policy document.
:type policy_jws: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "text/plain")
accept = "application/json"
# Construct URL
url = self.reset.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
'attestationType': self._serialize.url("attestation_type", attestation_type, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(policy_jws, 'str')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
reset.metadata = {'url': '/policies/{attestationType}:reset'} # type: ignore
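
Review bot: The `set` and `reset` docstrings do not say whether `new_attestation_policy` and `policy_jws` must be signed, or by which key. `PolicyCertificatesOperations.add` and `remove` state that the JWT "must be signed with one of the existing signing certificates", but here the parameters are described only as "JWT Expressing the new policy" and "JSON Web Signature with an empty policy document". Both calls change what evidence the service will accept, so the signing requirement should be spelled out in the docstrings. Also, `attestation_type` is typed `Union[str, "_models.AttestationType"]` and serialized as a plain `'str'` into the URL path, so any string is accepted; consider validating it against `AttestationType` before building the request.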

@ -0,0 +1,91 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, Callable, Dict, Generic, Optional, TypeVar
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from ... import models as _models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class SigningCertificatesOperations:
"""SigningCertificatesOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
async def get(
self,
**kwargs
) -> "_models.JSONWebKeySet":
"""Retrieves the attestation signing keys in use by the attestation service.
Retrieves metadata signing certificates in use by the attestation service.
:keyword callable cls: A custom type or function that will be passed the direct response
:return: JSONWebKeySet, or the result of cls(response)
:rtype: ~azure.security.attestation.models.JSONWebKeySet
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.JSONWebKeySet"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
accept = "application/jwk+json, application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('JSONWebKeySet', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/certs'} # type: ignore
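
Review bot: The summary and description of `SigningCertificatesOperations.get` contradict each other: the first line says it retrieves "the attestation signing keys in use by the attestation service" and the second says "metadata signing certificates". The method returns a `JSONWebKeySet` from `/certs`, so the docstring should state once, unambiguously, that these are the keys used to verify attestation tokens. Callers will use this set as their trust anchor for token validation, and ambiguous wording here invites validating against the wrong material.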

@ -0,0 +1,84 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
try:
from ._models_py3 import AttestOpenEnclaveRequest
from ._models_py3 import AttestSgxEnclaveRequest
from ._models_py3 import AttestationCertificateManagementBody
from ._models_py3 import AttestationResponse
from ._models_py3 import AttestationResult
from ._models_py3 import CloudError
from ._models_py3 import CloudErrorBody
from ._models_py3 import InitTimeData
from ._models_py3 import JSONWebKey
from ._models_py3 import JSONWebKeySet
from ._models_py3 import PolicyCertificatesModificationResult
from ._models_py3 import PolicyCertificatesModifyResponse
from ._models_py3 import PolicyCertificatesResponse
from ._models_py3 import PolicyCertificatesResult
from ._models_py3 import PolicyResponse
from ._models_py3 import PolicyResult
from ._models_py3 import RuntimeData
from ._models_py3 import StoredAttestationPolicy
from ._models_py3 import TpmAttestationRequest
from ._models_py3 import TpmAttestationResponse
except (SyntaxError, ImportError):
from ._models import AttestOpenEnclaveRequest # type: ignore
from ._models import AttestSgxEnclaveRequest # type: ignore
from ._models import AttestationCertificateManagementBody # type: ignore
from ._models import AttestationResponse # type: ignore
from ._models import AttestationResult # type: ignore
from ._models import CloudError # type: ignore
from ._models import CloudErrorBody # type: ignore
from ._models import InitTimeData # type: ignore
from ._models import JSONWebKey # type: ignore
from ._models import JSONWebKeySet # type: ignore
from ._models import PolicyCertificatesModificationResult # type: ignore
from ._models import PolicyCertificatesModifyResponse # type: ignore
from ._models import PolicyCertificatesResponse # type: ignore
from ._models import PolicyCertificatesResult # type: ignore
from ._models import PolicyResponse # type: ignore
from ._models import PolicyResult # type: ignore
from ._models import RuntimeData # type: ignore
from ._models import StoredAttestationPolicy # type: ignore
from ._models import TpmAttestationRequest # type: ignore
from ._models import TpmAttestationResponse # type: ignore
from ._attestation_client_enums import (
AttestationType,
CertificateModification,
DataType,
PolicyModification,
)
__all__ = [
'AttestOpenEnclaveRequest',
'AttestSgxEnclaveRequest',
'AttestationCertificateManagementBody',
'AttestationResponse',
'AttestationResult',
'CloudError',
'CloudErrorBody',
'InitTimeData',
'JSONWebKey',
'JSONWebKeySet',
'PolicyCertificatesModificationResult',
'PolicyCertificatesModifyResponse',
'PolicyCertificatesResponse',
'PolicyCertificatesResult',
'PolicyResponse',
'PolicyResult',
'RuntimeData',
'StoredAttestationPolicy',
'TpmAttestationRequest',
'TpmAttestationResponse',
'AttestationType',
'CertificateModification',
'DataType',
'PolicyModification',
]
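
Review bot: The `except (SyntaxError, ImportError)` fallback around the `._models_py3` imports also catches an `ImportError` raised from inside `_models_py3` itself, for example a missing dependency, and then silently loads `._models` instead. On Python 3 that hides the real failure and substitutes a different set of model classes. Selecting the module on `sys.version_info` would keep the Python 2 fallback without masking genuine import errors. Since the file is generated, this is a change for the generator template rather than a hand edit.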

@ -0,0 +1,55 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from enum import Enum, EnumMeta
from six import with_metaclass
class _CaseInsensitiveEnumMeta(EnumMeta):
def __getitem__(self, name):
return super().__getitem__(name.upper())
def __getattr__(cls, name):
"""Return the enum member matching `name`
We use __getattr__ instead of descriptors or inserting into the enum
class' __dict__ in order to support `name` and `value` being both
properties for enum members (which live in the class' __dict__) and
enum members themselves.
"""
try:
return cls._member_map_[name.upper()]
except KeyError:
raise AttributeError(name)
class AttestationType(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
SGX_ENCLAVE = "SgxEnclave" #: Intel Software Guard eXtensions.
OPEN_ENCLAVE = "OpenEnclave" #: OpenEnclave extensions to SGX.
TPM = "Tpm" #: Edge TPM Virtualization Based Security.
class CertificateModification(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The result of the operation
"""
IS_PRESENT = "IsPresent" #: After the operation was performed, the certificate is in the set of certificates.
IS_ABSENT = "IsAbsent" #: After the operation was performed, the certificate is no longer present in the set of certificates.
class DataType(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""Specifies the type of the data encoded contained within the "data" field of a "RuntimeData" or
"InitTimeData" object
"""
BINARY = "Binary" #: The contents of the field should be treated as binary and not interpreted by MAA.
JSON = "JSON" #: The contents of the field should be treated as a JSON object and may be further interpreted by MAA.
class PolicyModification(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The result of the operation
"""
UPDATED = "Updated" #: The specified policy object was updated.
REMOVED = "Removed" #: The specified policy object was removed.
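
Review bot: `_CaseInsensitiveEnumMeta.__getitem__` calls `super().__getitem__(name.upper())` with the zero-argument form of `super()`, which exists only on Python 3, while the same file imports `six.with_metaclass` to stay Python 2 compatible. If Python 2 is still a target for this package, the call should be `super(_CaseInsensitiveEnumMeta, self).__getitem__(name.upper())`; if it is not, the `six` dependency can be dropped. A smaller point in the same class: `__getitem__` names its first parameter `self` and `__getattr__` names it `cls`, although both are metaclass methods receiving the enum class.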

@ -0,0 +1,731 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from azure.core.exceptions import HttpResponseError
import msrest.serialization
class AttestationCertificateManagementBody(msrest.serialization.Model):
"""The body of the JWT used for the PolicyCertificates APIs.
:param policy_certificate: RFC 7517 Json Web Key describing the certificate.
:type policy_certificate: ~azure.security.attestation.models.JSONWebKey
"""
_attribute_map = {
'policy_certificate': {'key': 'policyCertificate', 'type': 'JSONWebKey'},
}
def __init__(
self,
**kwargs
):
super(AttestationCertificateManagementBody, self).__init__(**kwargs)
self.policy_certificate = kwargs.get('policy_certificate', None)
class AttestationResponse(msrest.serialization.Model):
"""The result of an attestation operation.
:param token: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object.
:type token: str
"""
_validation = {
'token': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AttestationResponse, self).__init__(**kwargs)
self.token = kwargs.get('token', None)
class AttestationResult(msrest.serialization.Model):
"""A Microsoft Azure Attestation response token body - the body of a response token issued by MAA.
:param jti: Unique Identifier for the token.
:type jti: str
:param iss: The Principal who issued the token.
:type iss: str
:param iat: The time at which the token was issued, in the number of seconds since
1970-01-0T00:00:00Z UTC.
:type iat: float
:param exp: The expiration time after which the token is no longer valid, in the number of
seconds since 1970-01-0T00:00:00Z UTC.
:type exp: float
:param nbf: The not before time before which the token cannot be considered valid, in the
number of seconds since 1970-01-0T00:00:00Z UTC.
:type nbf: float
:param cnf: An RFC 7800 Proof of Possession Key.
:type cnf: object
:param nonce: The Nonce input to the attestation request, if provided.
:type nonce: str
:param version: The Schema version of this structure. Current Value: 1.0.
:type version: str
:param runtime_claims: Runtime Claims.
:type runtime_claims: object
:param inittime_claims: Inittime Claims.
:type inittime_claims: object
:param policy_claims: Policy Generated Claims.
:type policy_claims: object
:param verifier_type: The Attestation type being attested.
:type verifier_type: str
:param policy_signer: The certificate used to sign the policy object, if specified.
:type policy_signer: ~azure.security.attestation.models.JSONWebKey
:param policy_hash: The SHA256 hash of the BASE64URL encoded policy text used for attestation.
:type policy_hash: bytes
:param is_debuggable: True if the enclave is debuggable, false otherwise.
:type is_debuggable: bool
:param product_id: The SGX Product ID for the enclave.
:type product_id: float
:param mr_enclave: The HEX encoded SGX MRENCLAVE value for the enclave.
:type mr_enclave: str
:param mr_signer: The HEX encoded SGX MRSIGNER value for the enclave.
:type mr_signer: str
:param svn: The SGX SVN value for the enclave.
:type svn: float
:param enclave_held_data: A copy of the RuntimeData specified as an input to the attest call.
:type enclave_held_data: bytes
:param sgx_collateral: The SGX SVN value for the enclave.
:type sgx_collateral: object
:param deprecated_version: DEPRECATED: Private Preview version of x-ms-ver claim.
:type deprecated_version: str
:param deprecated_is_debuggable: DEPRECATED: Private Preview version of x-ms-sgx-is-debuggable
claim.
:type deprecated_is_debuggable: bool
:param deprecated_sgx_collateral: DEPRECATED: Private Preview version of x-ms-sgx-collateral
claim.
:type deprecated_sgx_collateral: object
:param deprecated_enclave_held_data: DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.
:type deprecated_enclave_held_data: bytes
:param deprecated_enclave_held_data2: DEPRECATED: Private Preview version of x-ms-sgx-ehd
claim.
:type deprecated_enclave_held_data2: bytes
:param deprecated_product_id: DEPRECATED: Private Preview version of x-ms-sgx-product-id.
:type deprecated_product_id: float
:param deprecated_mr_enclave: DEPRECATED: Private Preview version of x-ms-sgx-mrenclave.
:type deprecated_mr_enclave: str
:param deprecated_mr_signer: DEPRECATED: Private Preview version of x-ms-sgx-mrsigner.
:type deprecated_mr_signer: str
:param deprecated_svn: DEPRECATED: Private Preview version of x-ms-sgx-svn.
:type deprecated_svn: float
:param deprecated_tee: DEPRECATED: Private Preview version of x-ms-tee.
:type deprecated_tee: str
:param deprecated_policy_signer: DEPRECATED: Private Preview version of x-ms-policy-signer.
:type deprecated_policy_signer: ~azure.security.attestation.models.JSONWebKey
:param deprecated_policy_hash: DEPRECATED: Private Preview version of x-ms-policy-hash.
:type deprecated_policy_hash: bytes
:param deprecated_rp_data: DEPRECATED: Private Preview version of nonce.
:type deprecated_rp_data: str
"""
_attribute_map = {
'jti': {'key': 'jti', 'type': 'str'},
'iss': {'key': 'iss', 'type': 'str'},
'iat': {'key': 'iat', 'type': 'float'},
'exp': {'key': 'exp', 'type': 'float'},
'nbf': {'key': 'nbf', 'type': 'float'},
'cnf': {'key': 'cnf', 'type': 'object'},
'nonce': {'key': 'nonce', 'type': 'str'},
'version': {'key': 'x-ms-ver', 'type': 'str'},
'runtime_claims': {'key': 'x-ms-runtime', 'type': 'object'},
'inittime_claims': {'key': 'x-ms-inittime', 'type': 'object'},
'policy_claims': {'key': 'x-ms-policy', 'type': 'object'},
'verifier_type': {'key': 'x-ms-attestation-type', 'type': 'str'},
'policy_signer': {'key': 'x-ms-policy-signer', 'type': 'JSONWebKey'},
'policy_hash': {'key': 'x-ms-policy-hash', 'type': 'base64'},
'is_debuggable': {'key': 'x-ms-sgx-is-debuggable', 'type': 'bool'},
'product_id': {'key': 'x-ms-sgx-product-id', 'type': 'float'},
'mr_enclave': {'key': 'x-ms-sgx-mrenclave', 'type': 'str'},
'mr_signer': {'key': 'x-ms-sgx-mrsigner', 'type': 'str'},
'svn': {'key': 'x-ms-sgx-svn', 'type': 'float'},
'enclave_held_data': {'key': 'x-ms-sgx-ehd', 'type': 'base64'},
'sgx_collateral': {'key': 'x-ms-sgx-collateral', 'type': 'object'},
'deprecated_version': {'key': 'ver', 'type': 'str'},
'deprecated_is_debuggable': {'key': 'is-debuggable', 'type': 'bool'},
'deprecated_sgx_collateral': {'key': 'maa-attestationcollateral', 'type': 'object'},
'deprecated_enclave_held_data': {'key': 'aas-ehd', 'type': 'base64'},
'deprecated_enclave_held_data2': {'key': 'maa-ehd', 'type': 'base64'},
'deprecated_product_id': {'key': 'product-id', 'type': 'float'},
'deprecated_mr_enclave': {'key': 'sgx-mrenclave', 'type': 'str'},
'deprecated_mr_signer': {'key': 'sgx-mrsigner', 'type': 'str'},
'deprecated_svn': {'key': 'svn', 'type': 'float'},
'deprecated_tee': {'key': 'tee', 'type': 'str'},
'deprecated_policy_signer': {'key': 'policy_signer', 'type': 'JSONWebKey'},
'deprecated_policy_hash': {'key': 'policy_hash', 'type': 'base64'},
'deprecated_rp_data': {'key': 'rp_data', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AttestationResult, self).__init__(**kwargs)
self.jti = kwargs.get('jti', None)
self.iss = kwargs.get('iss', None)
self.iat = kwargs.get('iat', None)
self.exp = kwargs.get('exp', None)
self.nbf = kwargs.get('nbf', None)
self.cnf = kwargs.get('cnf', None)
self.nonce = kwargs.get('nonce', None)
self.version = kwargs.get('version', None)
self.runtime_claims = kwargs.get('runtime_claims', None)
self.inittime_claims = kwargs.get('inittime_claims', None)
self.policy_claims = kwargs.get('policy_claims', None)
self.verifier_type = kwargs.get('verifier_type', None)
self.policy_signer = kwargs.get('policy_signer', None)
self.policy_hash = kwargs.get('policy_hash', None)
self.is_debuggable = kwargs.get('is_debuggable', None)
self.product_id = kwargs.get('product_id', None)
self.mr_enclave = kwargs.get('mr_enclave', None)
self.mr_signer = kwargs.get('mr_signer', None)
self.svn = kwargs.get('svn', None)
self.enclave_held_data = kwargs.get('enclave_held_data', None)
self.sgx_collateral = kwargs.get('sgx_collateral', None)
self.deprecated_version = kwargs.get('deprecated_version', None)
self.deprecated_is_debuggable = kwargs.get('deprecated_is_debuggable', None)
self.deprecated_sgx_collateral = kwargs.get('deprecated_sgx_collateral', None)
self.deprecated_enclave_held_data = kwargs.get('deprecated_enclave_held_data', None)
self.deprecated_enclave_held_data2 = kwargs.get('deprecated_enclave_held_data2', None)
self.deprecated_product_id = kwargs.get('deprecated_product_id', None)
self.deprecated_mr_enclave = kwargs.get('deprecated_mr_enclave', None)
self.deprecated_mr_signer = kwargs.get('deprecated_mr_signer', None)
self.deprecated_svn = kwargs.get('deprecated_svn', None)
self.deprecated_tee = kwargs.get('deprecated_tee', None)
self.deprecated_policy_signer = kwargs.get('deprecated_policy_signer', None)
self.deprecated_policy_hash = kwargs.get('deprecated_policy_hash', None)
self.deprecated_rp_data = kwargs.get('deprecated_rp_data', None)
class AttestOpenEnclaveRequest(msrest.serialization.Model):
"""Attestation request for Intel SGX enclaves.
:param report: OpenEnclave report from the enclave to be attested.
:type report: bytes
:param runtime_data: Runtime data provided by the enclave at the time of report generation. The
MAA will verify that the first 32 bytes of the report_data field of the quote contains the
SHA256 hash of the decoded "data" field of the runtime data.
:type runtime_data: ~azure.security.attestation.models.RuntimeData
:param init_time_data: Base64Url encoded "InitTime data". The MAA will verify that the init
data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
:type init_time_data: ~azure.security.attestation.models.InitTimeData
:param draft_policy_for_attestation: Attest against the provided draft policy. Note that the
resulting token cannot be validated.
:type draft_policy_for_attestation: str
:param nonce: Nonce for incoming request - emitted in the generated attestation token.
:type nonce: str
"""
_attribute_map = {
'report': {'key': 'report', 'type': 'base64'},
'runtime_data': {'key': 'runtimeData', 'type': 'RuntimeData'},
'init_time_data': {'key': 'initTimeData', 'type': 'InitTimeData'},
'draft_policy_for_attestation': {'key': 'draftPolicyForAttestation', 'type': 'str'},
'nonce': {'key': 'nonce', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AttestOpenEnclaveRequest, self).__init__(**kwargs)
self.report = kwargs.get('report', None)
self.runtime_data = kwargs.get('runtime_data', None)
self.init_time_data = kwargs.get('init_time_data', None)
self.draft_policy_for_attestation = kwargs.get('draft_policy_for_attestation', None)
self.nonce = kwargs.get('nonce', None)
class AttestSgxEnclaveRequest(msrest.serialization.Model):
"""Attestation request for Intel SGX enclaves.
:param quote: Quote of the enclave to be attested.
:type quote: bytes
:param runtime_data: Runtime data provided by the enclave at the time of quote generation. The
MAA will verify that the first 32 bytes of the report_data field of the quote contains the
SHA256 hash of the decoded "data" field of the runtime data.
:type runtime_data: ~azure.security.attestation.models.RuntimeData
:param init_time_data: Initialization data provided when the enclave is created. MAA will
verify that the init data was known to the enclave. Note that InitTimeData is invalid for
CoffeeLake processors.
:type init_time_data: ~azure.security.attestation.models.InitTimeData
:param draft_policy_for_attestation: Attest against the provided draft policy. Note that the
resulting token cannot be validated.
:type draft_policy_for_attestation: str
:param nonce: Nonce for incoming request - emitted in the generated attestation token.
:type nonce: str
"""
_attribute_map = {
'quote': {'key': 'quote', 'type': 'base64'},
'runtime_data': {'key': 'runtimeData', 'type': 'RuntimeData'},
'init_time_data': {'key': 'initTimeData', 'type': 'InitTimeData'},
'draft_policy_for_attestation': {'key': 'draftPolicyForAttestation', 'type': 'str'},
'nonce': {'key': 'nonce', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AttestSgxEnclaveRequest, self).__init__(**kwargs)
self.quote = kwargs.get('quote', None)
self.runtime_data = kwargs.get('runtime_data', None)
self.init_time_data = kwargs.get('init_time_data', None)
self.draft_policy_for_attestation = kwargs.get('draft_policy_for_attestation', None)
self.nonce = kwargs.get('nonce', None)
class CloudError(msrest.serialization.Model):
"""An error response from Attestation.
:param error: An error response from Attestation.
:type error: ~azure.security.attestation.models.CloudErrorBody
"""
_attribute_map = {
'error': {'key': 'error', 'type': 'CloudErrorBody'},
}
def __init__(
self,
**kwargs
):
super(CloudError, self).__init__(**kwargs)
self.error = kwargs.get('error', None)
class CloudErrorBody(msrest.serialization.Model):
"""An error response from Attestation.
:param code: An identifier for the error. Codes are invariant and are intended to be consumed
programmatically.
:type code: str
:param message: A message describing the error, intended to be suitable for displaying in a
user interface.
:type message: str
"""
_attribute_map = {
'code': {'key': 'code', 'type': 'str'},
'message': {'key': 'message', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(CloudErrorBody, self).__init__(**kwargs)
self.code = kwargs.get('code', None)
self.message = kwargs.get('message', None)
class InitTimeData(msrest.serialization.Model):
"""Defines the "initialization time data" used to provision the attestation target for use by the MAA.
:param data: UTF-8 encoded Initialization Data passed into the trusted environment when it is
created.
:type data: bytes
:param data_type: The type of data contained within the "data" field. Possible values include:
"Binary", "JSON".
:type data_type: str or ~azure.security.attestation.models.DataType
"""
_attribute_map = {
'data': {'key': 'data', 'type': 'base64'},
'data_type': {'key': 'dataType', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(InitTimeData, self).__init__(**kwargs)
self.data = kwargs.get('data', None)
self.data_type = kwargs.get('data_type', None)
class JSONWebKey(msrest.serialization.Model):
"""JSONWebKey.
All required parameters must be populated in order to send to Azure.
:param alg: Required. The "alg" (algorithm) parameter identifies the algorithm intended for
use with the key. The values used should either be registered in the
IANA "JSON Web Signature and Encryption Algorithms" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name.
:type alg: str
:param crv: The "crv" (curve) parameter identifies the curve type.
:type crv: str
:param d: RSA private exponent or ECC private key.
:type d: str
:param dp: RSA Private Key Parameter.
:type dp: str
:param dq: RSA Private Key Parameter.
:type dq: str
:param e: RSA public exponent, in Base64.
:type e: str
:param k: Symmetric key.
:type k: str
:param kid: Required. The "kid" (key ID) parameter is used to match a specific key. This
is used, for instance, to choose among a set of keys within a JWK Set
during key rollover. The structure of the "kid" value is
unspecified. When "kid" values are used within a JWK Set, different
keys within the JWK Set SHOULD use distinct "kid" values. (One
example in which different keys might use the same "kid" value is if
they have different "kty" (key type) values but are considered to be
equivalent alternatives by the application using them.) The "kid"
value is a case-sensitive string.
:type kid: str
:param kty: Required. The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key, such as "RSA" or "EC". "kty" values should
either be registered in the IANA "JSON Web Key Types" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name. The "kty" value is a case-sensitive string.
:type kty: str
:param n: RSA modulus, in Base64.
:type n: str
:param p: RSA secret prime.
:type p: str
:param q: RSA secret prime, with p < q.
:type q: str
:param qi: RSA Private Key Parameter.
:type qi: str
:param use: Required. Use ("public key use") identifies the intended use of
the public key. The "use" parameter is employed to indicate whether
a public key is used for encrypting data or verifying the signature
on data. Values are commonly "sig" (signature) or "enc" (encryption).
:type use: str
:param x: X coordinate for the Elliptic Curve point.
:type x: str
:param x5_c: The "x5c" (X.509 certificate chain) parameter contains a chain of one
or more PKIX certificates [RFC5280]. The certificate chain is
represented as a JSON array of certificate value strings. Each
string in the array is a base64-encoded (Section 4 of [RFC4648] --
not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
The PKIX certificate containing the key value MUST be the first
certificate.
:type x5_c: list[str]
:param y: Y coordinate for the Elliptic Curve point.
:type y: str
"""
_validation = {
'alg': {'required': True},
'kid': {'required': True},
'kty': {'required': True},
'use': {'required': True},
}
_attribute_map = {
'alg': {'key': 'alg', 'type': 'str'},
'crv': {'key': 'crv', 'type': 'str'},
'd': {'key': 'd', 'type': 'str'},
'dp': {'key': 'dp', 'type': 'str'},
'dq': {'key': 'dq', 'type': 'str'},
'e': {'key': 'e', 'type': 'str'},
'k': {'key': 'k', 'type': 'str'},
'kid': {'key': 'kid', 'type': 'str'},
'kty': {'key': 'kty', 'type': 'str'},
'n': {'key': 'n', 'type': 'str'},
'p': {'key': 'p', 'type': 'str'},
'q': {'key': 'q', 'type': 'str'},
'qi': {'key': 'qi', 'type': 'str'},
'use': {'key': 'use', 'type': 'str'},
'x': {'key': 'x', 'type': 'str'},
'x5_c': {'key': 'x5c', 'type': '[str]'},
'y': {'key': 'y', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(JSONWebKey, self).__init__(**kwargs)
self.alg = kwargs['alg']
self.crv = kwargs.get('crv', None)
self.d = kwargs.get('d', None)
self.dp = kwargs.get('dp', None)
self.dq = kwargs.get('dq', None)
self.e = kwargs.get('e', None)
self.k = kwargs.get('k', None)
self.kid = kwargs['kid']
self.kty = kwargs['kty']
self.n = kwargs.get('n', None)
self.p = kwargs.get('p', None)
self.q = kwargs.get('q', None)
self.qi = kwargs.get('qi', None)
self.use = kwargs['use']
self.x = kwargs.get('x', None)
self.x5_c = kwargs.get('x5_c', None)
self.y = kwargs.get('y', None)
class JSONWebKeySet(msrest.serialization.Model):
"""JSONWebKeySet.
:param keys: The value of the "keys" parameter is an array of JWK values. By
default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if
desired.
:type keys: list[~azure.security.attestation.models.JSONWebKey]
"""
_attribute_map = {
'keys': {'key': 'keys', 'type': '[JSONWebKey]'},
}
def __init__(
self,
**kwargs
):
super(JSONWebKeySet, self).__init__(**kwargs)
self.keys = kwargs.get('keys', None)
class PolicyCertificatesModificationResult(msrest.serialization.Model):
"""The result of a policy certificate modification.
:param certificate_thumbprint: Hex encoded SHA1 Hash of the binary representation certificate
which was added or removed.
:type certificate_thumbprint: str
:param certificate_resolution: The result of the operation. Possible values include:
"IsPresent", "IsAbsent".
:type certificate_resolution: str or ~azure.security.attestation.models.CertificateModification
"""
_attribute_map = {
'certificate_thumbprint': {'key': 'x-ms-certificate-thumbprint', 'type': 'str'},
'certificate_resolution': {'key': 'x-ms-policycertificates-result', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(PolicyCertificatesModificationResult, self).__init__(**kwargs)
self.certificate_thumbprint = kwargs.get('certificate_thumbprint', None)
self.certificate_resolution = kwargs.get('certificate_resolution', None)
class PolicyCertificatesModifyResponse(msrest.serialization.Model):
"""The response to an attestation policy management API.
:param token: An RFC7519 JSON Web Token structure whose body is a
PolicyCertificatesModificationResult object.
:type token: str
"""
_validation = {
'token': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(PolicyCertificatesModifyResponse, self).__init__(**kwargs)
self.token = kwargs.get('token', None)
class PolicyCertificatesResponse(msrest.serialization.Model):
"""The response to an attestation policy management API.
:param token: An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object
which contains the certificates used to validate policy changes.
:type token: str
"""
_validation = {
'token': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(PolicyCertificatesResponse, self).__init__(**kwargs)
self.token = kwargs.get('token', None)
class PolicyCertificatesResult(msrest.serialization.Model):
"""The result of a call to retrieve policy certificates.
:param policy_certificates: SHA256 Hash of the binary representation certificate which was
added or removed.
:type policy_certificates: ~azure.security.attestation.models.JSONWebKeySet
"""
_attribute_map = {
'policy_certificates': {'key': 'x-ms-policy-certificates', 'type': 'JSONWebKeySet'},
}
def __init__(
self,
**kwargs
):
super(PolicyCertificatesResult, self).__init__(**kwargs)
self.policy_certificates = kwargs.get('policy_certificates', None)
class PolicyResponse(msrest.serialization.Model):
"""The response to an attestation policy operation.
:param token: An RFC7519 JSON Web Token structure whose body is an PolicyResult object.
:type token: str
"""
_validation = {
'token': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(PolicyResponse, self).__init__(**kwargs)
self.token = kwargs.get('token', None)
class PolicyResult(msrest.serialization.Model):
"""The result of a policy certificate modification.
:param policy_resolution: The result of the operation. Possible values include: "Updated",
"Removed".
:type policy_resolution: str or ~azure.security.attestation.models.PolicyModification
:param policy_token_hash: The SHA256 hash of the policy object modified.
:type policy_token_hash: bytes
:param policy_signer: The certificate used to sign the policy object, if specified.
:type policy_signer: ~azure.security.attestation.models.JSONWebKey
:param policy: A JSON Web Token containing a StoredAttestationPolicy object with the
attestation policy.
:type policy: str
"""
_validation = {
'policy': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'policy_resolution': {'key': 'x-ms-policy-result', 'type': 'str'},
'policy_token_hash': {'key': 'x-ms-policy-token-hash', 'type': 'base64'},
'policy_signer': {'key': 'x-ms-policy-signer', 'type': 'JSONWebKey'},
'policy': {'key': 'x-ms-policy', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(PolicyResult, self).__init__(**kwargs)
self.policy_resolution = kwargs.get('policy_resolution', None)
self.policy_token_hash = kwargs.get('policy_token_hash', None)
self.policy_signer = kwargs.get('policy_signer', None)
self.policy = kwargs.get('policy', None)
class RuntimeData(msrest.serialization.Model):
"""Defines the "run time data" provided by the attestation target for use by the MAA.
:param data: UTF-8 encoded Runtime Data generated by the trusted environment.
:type data: bytes
:param data_type: The type of data contained within the "data" field. Possible values include:
"Binary", "JSON".
:type data_type: str or ~azure.security.attestation.models.DataType
"""
_attribute_map = {
'data': {'key': 'data', 'type': 'base64'},
'data_type': {'key': 'dataType', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(RuntimeData, self).__init__(**kwargs)
self.data = kwargs.get('data', None)
self.data_type = kwargs.get('data_type', None)
class StoredAttestationPolicy(msrest.serialization.Model):
"""StoredAttestationPolicy.
:param attestation_policy: Policy text to set as a sequence of UTF-8 encoded octets.
:type attestation_policy: bytes
"""
_attribute_map = {
'attestation_policy': {'key': 'AttestationPolicy', 'type': 'base64'},
}
def __init__(
self,
**kwargs
):
super(StoredAttestationPolicy, self).__init__(**kwargs)
self.attestation_policy = kwargs.get('attestation_policy', None)
class TpmAttestationRequest(msrest.serialization.Model):
"""Attestation request for Trusted Platform Module (TPM) attestation.
:param data: Protocol data containing artifacts for attestation.
:type data: bytes
"""
_attribute_map = {
'data': {'key': 'data', 'type': 'base64'},
}
def __init__(
self,
**kwargs
):
super(TpmAttestationRequest, self).__init__(**kwargs)
self.data = kwargs.get('data', None)
class TpmAttestationResponse(msrest.serialization.Model):
"""Attestation response for Trusted Platform Module (TPM) attestation.
:param data: Protocol data containing attestation service response.
:type data: bytes
"""
_attribute_map = {
'data': {'key': 'data', 'type': 'base64'},
}
def __init__(
self,
**kwargs
):
super(TpmAttestationResponse, self).__init__(**kwargs)
self.data = kwargs.get('data', None)
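Review bot: In `AttestationResult`, the `sgx_collateral` docstring reads "The SGX SVN value for the enclave.", which is the `svn` description copied onto the wrong field; it should describe the `x-ms-sgx-collateral` claim. The same kind of copy-paste appears in `PolicyCertificatesResult.policy_certificates` (described as a "SHA256 Hash of the binary representation certificate which was added or removed" although its type is `JSONWebKeySet`), in the `PolicyResult` summary ("The result of a policy certificate modification."), and in the `AttestOpenEnclaveRequest` summary, which is identical to the one on `AttestSgxEnclaveRequest`. The epoch in the `iat`, `exp` and `nbf` descriptions is written `1970-01-0T00:00:00Z` and should be `1970-01-01T00:00:00Z`. Separately, the `token` and `policy` pattern `[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*` has no end anchor and allows an empty payload and an empty signature segment, so it is only a shape check; a docstring line stating that these models do not verify the JWT signature would keep callers from reading the `_validation` entry as more than that. If these descriptions come from the API specification, the corrections belong there so they survive regeneration.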

View file

@ -0,0 +1,839 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import List, Optional, Union
from azure.core.exceptions import HttpResponseError
import msrest.serialization
from ._attestation_client_enums import *
class AttestationCertificateManagementBody(msrest.serialization.Model):
"""The body of the JWT used for the PolicyCertificates APIs.
:param policy_certificate: RFC 7517 Json Web Key describing the certificate.
:type policy_certificate: ~azure.security.attestation.models.JSONWebKey
"""
_attribute_map = {
'policy_certificate': {'key': 'policyCertificate', 'type': 'JSONWebKey'},
}
def __init__(
self,
*,
policy_certificate: Optional["JSONWebKey"] = None,
**kwargs
):
super(AttestationCertificateManagementBody, self).__init__(**kwargs)
self.policy_certificate = policy_certificate
class AttestationResponse(msrest.serialization.Model):
"""The result of an attestation operation.
:param token: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object.
:type token: str
"""
_validation = {
'token': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
*,
token: Optional[str] = None,
**kwargs
):
super(AttestationResponse, self).__init__(**kwargs)
self.token = token
class AttestationResult(msrest.serialization.Model):
"""A Microsoft Azure Attestation response token body - the body of a response token issued by MAA.
:param jti: Unique Identifier for the token.
:type jti: str
:param iss: The Principal who issued the token.
:type iss: str
:param iat: The time at which the token was issued, in the number of seconds since
1970-01-0T00:00:00Z UTC.
:type iat: float
:param exp: The expiration time after which the token is no longer valid, in the number of
seconds since 1970-01-0T00:00:00Z UTC.
:type exp: float
:param nbf: The not before time before which the token cannot be considered valid, in the
number of seconds since 1970-01-0T00:00:00Z UTC.
:type nbf: float
:param cnf: An RFC 7800 Proof of Possession Key.
:type cnf: object
:param nonce: The Nonce input to the attestation request, if provided.
:type nonce: str
:param version: The Schema version of this structure. Current Value: 1.0.
:type version: str
:param runtime_claims: Runtime Claims.
:type runtime_claims: object
:param inittime_claims: Inittime Claims.
:type inittime_claims: object
:param policy_claims: Policy Generated Claims.
:type policy_claims: object
:param verifier_type: The Attestation type being attested.
:type verifier_type: str
:param policy_signer: The certificate used to sign the policy object, if specified.
:type policy_signer: ~azure.security.attestation.models.JSONWebKey
:param policy_hash: The SHA256 hash of the BASE64URL encoded policy text used for attestation.
:type policy_hash: bytes
:param is_debuggable: True if the enclave is debuggable, false otherwise.
:type is_debuggable: bool
:param product_id: The SGX Product ID for the enclave.
:type product_id: float
:param mr_enclave: The HEX encoded SGX MRENCLAVE value for the enclave.
:type mr_enclave: str
:param mr_signer: The HEX encoded SGX MRSIGNER value for the enclave.
:type mr_signer: str
:param svn: The SGX SVN value for the enclave.
:type svn: float
:param enclave_held_data: A copy of the RuntimeData specified as an input to the attest call.
:type enclave_held_data: bytes
:param sgx_collateral: The SGX SVN value for the enclave.
:type sgx_collateral: object
:param deprecated_version: DEPRECATED: Private Preview version of x-ms-ver claim.
:type deprecated_version: str
:param deprecated_is_debuggable: DEPRECATED: Private Preview version of x-ms-sgx-is-debuggable
claim.
:type deprecated_is_debuggable: bool
:param deprecated_sgx_collateral: DEPRECATED: Private Preview version of x-ms-sgx-collateral
claim.
:type deprecated_sgx_collateral: object
:param deprecated_enclave_held_data: DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.
:type deprecated_enclave_held_data: bytes
:param deprecated_enclave_held_data2: DEPRECATED: Private Preview version of x-ms-sgx-ehd
claim.
:type deprecated_enclave_held_data2: bytes
:param deprecated_product_id: DEPRECATED: Private Preview version of x-ms-sgx-product-id.
:type deprecated_product_id: float
:param deprecated_mr_enclave: DEPRECATED: Private Preview version of x-ms-sgx-mrenclave.
:type deprecated_mr_enclave: str
:param deprecated_mr_signer: DEPRECATED: Private Preview version of x-ms-sgx-mrsigner.
:type deprecated_mr_signer: str
:param deprecated_svn: DEPRECATED: Private Preview version of x-ms-sgx-svn.
:type deprecated_svn: float
:param deprecated_tee: DEPRECATED: Private Preview version of x-ms-tee.
:type deprecated_tee: str
:param deprecated_policy_signer: DEPRECATED: Private Preview version of x-ms-policy-signer.
:type deprecated_policy_signer: ~azure.security.attestation.models.JSONWebKey
:param deprecated_policy_hash: DEPRECATED: Private Preview version of x-ms-policy-hash.
:type deprecated_policy_hash: bytes
:param deprecated_rp_data: DEPRECATED: Private Preview version of nonce.
:type deprecated_rp_data: str
"""
_attribute_map = {
'jti': {'key': 'jti', 'type': 'str'},
'iss': {'key': 'iss', 'type': 'str'},
'iat': {'key': 'iat', 'type': 'float'},
'exp': {'key': 'exp', 'type': 'float'},
'nbf': {'key': 'nbf', 'type': 'float'},
'cnf': {'key': 'cnf', 'type': 'object'},
'nonce': {'key': 'nonce', 'type': 'str'},
'version': {'key': 'x-ms-ver', 'type': 'str'},
'runtime_claims': {'key': 'x-ms-runtime', 'type': 'object'},
'inittime_claims': {'key': 'x-ms-inittime', 'type': 'object'},
'policy_claims': {'key': 'x-ms-policy', 'type': 'object'},
'verifier_type': {'key': 'x-ms-attestation-type', 'type': 'str'},
'policy_signer': {'key': 'x-ms-policy-signer', 'type': 'JSONWebKey'},
'policy_hash': {'key': 'x-ms-policy-hash', 'type': 'base64'},
'is_debuggable': {'key': 'x-ms-sgx-is-debuggable', 'type': 'bool'},
'product_id': {'key': 'x-ms-sgx-product-id', 'type': 'float'},
'mr_enclave': {'key': 'x-ms-sgx-mrenclave', 'type': 'str'},
'mr_signer': {'key': 'x-ms-sgx-mrsigner', 'type': 'str'},
'svn': {'key': 'x-ms-sgx-svn', 'type': 'float'},
'enclave_held_data': {'key': 'x-ms-sgx-ehd', 'type': 'base64'},
'sgx_collateral': {'key': 'x-ms-sgx-collateral', 'type': 'object'},
'deprecated_version': {'key': 'ver', 'type': 'str'},
'deprecated_is_debuggable': {'key': 'is-debuggable', 'type': 'bool'},
'deprecated_sgx_collateral': {'key': 'maa-attestationcollateral', 'type': 'object'},
'deprecated_enclave_held_data': {'key': 'aas-ehd', 'type': 'base64'},
'deprecated_enclave_held_data2': {'key': 'maa-ehd', 'type': 'base64'},
'deprecated_product_id': {'key': 'product-id', 'type': 'float'},
'deprecated_mr_enclave': {'key': 'sgx-mrenclave', 'type': 'str'},
'deprecated_mr_signer': {'key': 'sgx-mrsigner', 'type': 'str'},
'deprecated_svn': {'key': 'svn', 'type': 'float'},
'deprecated_tee': {'key': 'tee', 'type': 'str'},
'deprecated_policy_signer': {'key': 'policy_signer', 'type': 'JSONWebKey'},
'deprecated_policy_hash': {'key': 'policy_hash', 'type': 'base64'},
'deprecated_rp_data': {'key': 'rp_data', 'type': 'str'},
}
def __init__(
self,
*,
jti: Optional[str] = None,
iss: Optional[str] = None,
iat: Optional[float] = None,
exp: Optional[float] = None,
nbf: Optional[float] = None,
cnf: Optional[object] = None,
nonce: Optional[str] = None,
version: Optional[str] = None,
runtime_claims: Optional[object] = None,
inittime_claims: Optional[object] = None,
policy_claims: Optional[object] = None,
verifier_type: Optional[str] = None,
policy_signer: Optional["JSONWebKey"] = None,
policy_hash: Optional[bytes] = None,
is_debuggable: Optional[bool] = None,
product_id: Optional[float] = None,
mr_enclave: Optional[str] = None,
mr_signer: Optional[str] = None,
svn: Optional[float] = None,
enclave_held_data: Optional[bytes] = None,
sgx_collateral: Optional[object] = None,
deprecated_version: Optional[str] = None,
deprecated_is_debuggable: Optional[bool] = None,
deprecated_sgx_collateral: Optional[object] = None,
deprecated_enclave_held_data: Optional[bytes] = None,
deprecated_enclave_held_data2: Optional[bytes] = None,
deprecated_product_id: Optional[float] = None,
deprecated_mr_enclave: Optional[str] = None,
deprecated_mr_signer: Optional[str] = None,
deprecated_svn: Optional[float] = None,
deprecated_tee: Optional[str] = None,
deprecated_policy_signer: Optional["JSONWebKey"] = None,
deprecated_policy_hash: Optional[bytes] = None,
deprecated_rp_data: Optional[str] = None,
**kwargs
):
super(AttestationResult, self).__init__(**kwargs)
self.jti = jti
self.iss = iss
self.iat = iat
self.exp = exp
self.nbf = nbf
self.cnf = cnf
self.nonce = nonce
self.version = version
self.runtime_claims = runtime_claims
self.inittime_claims = inittime_claims
self.policy_claims = policy_claims
self.verifier_type = verifier_type
self.policy_signer = policy_signer
self.policy_hash = policy_hash
self.is_debuggable = is_debuggable
self.product_id = product_id
self.mr_enclave = mr_enclave
self.mr_signer = mr_signer
self.svn = svn
self.enclave_held_data = enclave_held_data
self.sgx_collateral = sgx_collateral
self.deprecated_version = deprecated_version
self.deprecated_is_debuggable = deprecated_is_debuggable
self.deprecated_sgx_collateral = deprecated_sgx_collateral
self.deprecated_enclave_held_data = deprecated_enclave_held_data
self.deprecated_enclave_held_data2 = deprecated_enclave_held_data2
self.deprecated_product_id = deprecated_product_id
self.deprecated_mr_enclave = deprecated_mr_enclave
self.deprecated_mr_signer = deprecated_mr_signer
self.deprecated_svn = deprecated_svn
self.deprecated_tee = deprecated_tee
self.deprecated_policy_signer = deprecated_policy_signer
self.deprecated_policy_hash = deprecated_policy_hash
self.deprecated_rp_data = deprecated_rp_data
class AttestOpenEnclaveRequest(msrest.serialization.Model):
"""Attestation request for Intel SGX enclaves.
:param report: OpenEnclave report from the enclave to be attested.
:type report: bytes
:param runtime_data: Runtime data provided by the enclave at the time of report generation. The
MAA will verify that the first 32 bytes of the report_data field of the quote contains the
SHA256 hash of the decoded "data" field of the runtime data.
:type runtime_data: ~azure.security.attestation.models.RuntimeData
:param init_time_data: Base64Url encoded "InitTime data". The MAA will verify that the init
data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
:type init_time_data: ~azure.security.attestation.models.InitTimeData
:param draft_policy_for_attestation: Attest against the provided draft policy. Note that the
resulting token cannot be validated.
:type draft_policy_for_attestation: str
:param nonce: Nonce for incoming request - emitted in the generated attestation token.
:type nonce: str
"""
_attribute_map = {
'report': {'key': 'report', 'type': 'base64'},
'runtime_data': {'key': 'runtimeData', 'type': 'RuntimeData'},
'init_time_data': {'key': 'initTimeData', 'type': 'InitTimeData'},
'draft_policy_for_attestation': {'key': 'draftPolicyForAttestation', 'type': 'str'},
'nonce': {'key': 'nonce', 'type': 'str'},
}
def __init__(
self,
*,
report: Optional[bytes] = None,
runtime_data: Optional["RuntimeData"] = None,
init_time_data: Optional["InitTimeData"] = None,
draft_policy_for_attestation: Optional[str] = None,
nonce: Optional[str] = None,
**kwargs
):
super(AttestOpenEnclaveRequest, self).__init__(**kwargs)
self.report = report
self.runtime_data = runtime_data
self.init_time_data = init_time_data
self.draft_policy_for_attestation = draft_policy_for_attestation
self.nonce = nonce
class AttestSgxEnclaveRequest(msrest.serialization.Model):
"""Attestation request for Intel SGX enclaves.
:param quote: Quote of the enclave to be attested.
:type quote: bytes
:param runtime_data: Runtime data provided by the enclave at the time of quote generation. The
MAA will verify that the first 32 bytes of the report_data field of the quote contains the
SHA256 hash of the decoded "data" field of the runtime data.
:type runtime_data: ~azure.security.attestation.models.RuntimeData
:param init_time_data: Initialization data provided when the enclave is created. MAA will
verify that the init data was known to the enclave. Note that InitTimeData is invalid for
CoffeeLake processors.
:type init_time_data: ~azure.security.attestation.models.InitTimeData
:param draft_policy_for_attestation: Attest against the provided draft policy. Note that the
resulting token cannot be validated.
:type draft_policy_for_attestation: str
:param nonce: Nonce for incoming request - emitted in the generated attestation token.
:type nonce: str
"""
_attribute_map = {
'quote': {'key': 'quote', 'type': 'base64'},
'runtime_data': {'key': 'runtimeData', 'type': 'RuntimeData'},
'init_time_data': {'key': 'initTimeData', 'type': 'InitTimeData'},
'draft_policy_for_attestation': {'key': 'draftPolicyForAttestation', 'type': 'str'},
'nonce': {'key': 'nonce', 'type': 'str'},
}
def __init__(
self,
*,
quote: Optional[bytes] = None,
runtime_data: Optional["RuntimeData"] = None,
init_time_data: Optional["InitTimeData"] = None,
draft_policy_for_attestation: Optional[str] = None,
nonce: Optional[str] = None,
**kwargs
):
super(AttestSgxEnclaveRequest, self).__init__(**kwargs)
self.quote = quote
self.runtime_data = runtime_data
self.init_time_data = init_time_data
self.draft_policy_for_attestation = draft_policy_for_attestation
self.nonce = nonce
class CloudError(msrest.serialization.Model):
"""An error response from Attestation.
:param error: An error response from Attestation.
:type error: ~azure.security.attestation.models.CloudErrorBody
"""
_attribute_map = {
'error': {'key': 'error', 'type': 'CloudErrorBody'},
}
def __init__(
self,
*,
error: Optional["CloudErrorBody"] = None,
**kwargs
):
super(CloudError, self).__init__(**kwargs)
self.error = error
class CloudErrorBody(msrest.serialization.Model):
"""An error response from Attestation.
:param code: An identifier for the error. Codes are invariant and are intended to be consumed
programmatically.
:type code: str
:param message: A message describing the error, intended to be suitable for displaying in a
user interface.
:type message: str
"""
_attribute_map = {
'code': {'key': 'code', 'type': 'str'},
'message': {'key': 'message', 'type': 'str'},
}
def __init__(
self,
*,
code: Optional[str] = None,
message: Optional[str] = None,
**kwargs
):
super(CloudErrorBody, self).__init__(**kwargs)
self.code = code
self.message = message
class InitTimeData(msrest.serialization.Model):
"""Defines the "initialization time data" used to provision the attestation target for use by the MAA.
:param data: UTF-8 encoded Initialization Data passed into the trusted environment when it is
created.
:type data: bytes
:param data_type: The type of data contained within the "data" field. Possible values include:
"Binary", "JSON".
:type data_type: str or ~azure.security.attestation.models.DataType
"""
_attribute_map = {
'data': {'key': 'data', 'type': 'base64'},
'data_type': {'key': 'dataType', 'type': 'str'},
}
def __init__(
self,
*,
data: Optional[bytes] = None,
data_type: Optional[Union[str, "DataType"]] = None,
**kwargs
):
super(InitTimeData, self).__init__(**kwargs)
self.data = data
self.data_type = data_type
class JSONWebKey(msrest.serialization.Model):
"""JSONWebKey.
All required parameters must be populated in order to send to Azure.
:param alg: Required. The "alg" (algorithm) parameter identifies the algorithm intended for
use with the key. The values used should either be registered in the
IANA "JSON Web Signature and Encryption Algorithms" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name.
:type alg: str
:param crv: The "crv" (curve) parameter identifies the curve type.
:type crv: str
:param d: RSA private exponent or ECC private key.
:type d: str
:param dp: RSA Private Key Parameter.
:type dp: str
:param dq: RSA Private Key Parameter.
:type dq: str
:param e: RSA public exponent, in Base64.
:type e: str
:param k: Symmetric key.
:type k: str
:param kid: Required. The "kid" (key ID) parameter is used to match a specific key. This
is used, for instance, to choose among a set of keys within a JWK Set
during key rollover. The structure of the "kid" value is
unspecified. When "kid" values are used within a JWK Set, different
keys within the JWK Set SHOULD use distinct "kid" values. (One
example in which different keys might use the same "kid" value is if
they have different "kty" (key type) values but are considered to be
equivalent alternatives by the application using them.) The "kid"
value is a case-sensitive string.
:type kid: str
:param kty: Required. The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key, such as "RSA" or "EC". "kty" values should
either be registered in the IANA "JSON Web Key Types" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name. The "kty" value is a case-sensitive string.
:type kty: str
:param n: RSA modulus, in Base64.
:type n: str
:param p: RSA secret prime.
:type p: str
:param q: RSA secret prime, with p < q.
:type q: str
:param qi: RSA Private Key Parameter.
:type qi: str
:param use: Required. Use ("public key use") identifies the intended use of
the public key. The "use" parameter is employed to indicate whether
a public key is used for encrypting data or verifying the signature
on data. Values are commonly "sig" (signature) or "enc" (encryption).
:type use: str
:param x: X coordinate for the Elliptic Curve point.
:type x: str
:param x5_c: The "x5c" (X.509 certificate chain) parameter contains a chain of one
or more PKIX certificates [RFC5280]. The certificate chain is
represented as a JSON array of certificate value strings. Each
string in the array is a base64-encoded (Section 4 of [RFC4648] --
not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
The PKIX certificate containing the key value MUST be the first
certificate.
:type x5_c: list[str]
:param y: Y coordinate for the Elliptic Curve point.
:type y: str
"""
_validation = {
'alg': {'required': True},
'kid': {'required': True},
'kty': {'required': True},
'use': {'required': True},
}
_attribute_map = {
'alg': {'key': 'alg', 'type': 'str'},
'crv': {'key': 'crv', 'type': 'str'},
'd': {'key': 'd', 'type': 'str'},
'dp': {'key': 'dp', 'type': 'str'},
'dq': {'key': 'dq', 'type': 'str'},
'e': {'key': 'e', 'type': 'str'},
'k': {'key': 'k', 'type': 'str'},
'kid': {'key': 'kid', 'type': 'str'},
'kty': {'key': 'kty', 'type': 'str'},
'n': {'key': 'n', 'type': 'str'},
'p': {'key': 'p', 'type': 'str'},
'q': {'key': 'q', 'type': 'str'},
'qi': {'key': 'qi', 'type': 'str'},
'use': {'key': 'use', 'type': 'str'},
'x': {'key': 'x', 'type': 'str'},
'x5_c': {'key': 'x5c', 'type': '[str]'},
'y': {'key': 'y', 'type': 'str'},
}
def __init__(
self,
*,
alg: str,
kid: str,
kty: str,
use: str,
crv: Optional[str] = None,
d: Optional[str] = None,
dp: Optional[str] = None,
dq: Optional[str] = None,
e: Optional[str] = None,
k: Optional[str] = None,
n: Optional[str] = None,
p: Optional[str] = None,
q: Optional[str] = None,
qi: Optional[str] = None,
x: Optional[str] = None,
x5_c: Optional[List[str]] = None,
y: Optional[str] = None,
**kwargs
):
super(JSONWebKey, self).__init__(**kwargs)
self.alg = alg
self.crv = crv
self.d = d
self.dp = dp
self.dq = dq
self.e = e
self.k = k
self.kid = kid
self.kty = kty
self.n = n
self.p = p
self.q = q
self.qi = qi
self.use = use
self.x = x
self.x5_c = x5_c
self.y = y
class JSONWebKeySet(msrest.serialization.Model):
"""JSONWebKeySet.
:param keys: The value of the "keys" parameter is an array of JWK values. By
default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if
desired.
:type keys: list[~azure.security.attestation.models.JSONWebKey]
"""
_attribute_map = {
'keys': {'key': 'keys', 'type': '[JSONWebKey]'},
}
def __init__(
self,
*,
keys: Optional[List["JSONWebKey"]] = None,
**kwargs
):
super(JSONWebKeySet, self).__init__(**kwargs)
self.keys = keys
class PolicyCertificatesModificationResult(msrest.serialization.Model):
"""The result of a policy certificate modification.
:param certificate_thumbprint: Hex encoded SHA1 Hash of the binary representation certificate
which was added or removed.
:type certificate_thumbprint: str
:param certificate_resolution: The result of the operation. Possible values include:
"IsPresent", "IsAbsent".
:type certificate_resolution: str or ~azure.security.attestation.models.CertificateModification
"""
_attribute_map = {
'certificate_thumbprint': {'key': 'x-ms-certificate-thumbprint', 'type': 'str'},
'certificate_resolution': {'key': 'x-ms-policycertificates-result', 'type': 'str'},
}
def __init__(
self,
*,
certificate_thumbprint: Optional[str] = None,
certificate_resolution: Optional[Union[str, "CertificateModification"]] = None,
**kwargs
):
super(PolicyCertificatesModificationResult, self).__init__(**kwargs)
self.certificate_thumbprint = certificate_thumbprint
self.certificate_resolution = certificate_resolution
class PolicyCertificatesModifyResponse(msrest.serialization.Model):
"""The response to an attestation policy management API.
:param token: An RFC7519 JSON Web Token structure whose body is a
PolicyCertificatesModificationResult object.
:type token: str
"""
_validation = {
'token': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
*,
token: Optional[str] = None,
**kwargs
):
super(PolicyCertificatesModifyResponse, self).__init__(**kwargs)
self.token = token
class PolicyCertificatesResponse(msrest.serialization.Model):
"""The response to an attestation policy management API.
:param token: An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object
which contains the certificates used to validate policy changes.
:type token: str
"""
_validation = {
'token': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
*,
token: Optional[str] = None,
**kwargs
):
super(PolicyCertificatesResponse, self).__init__(**kwargs)
self.token = token
class PolicyCertificatesResult(msrest.serialization.Model):
"""The result of a call to retrieve policy certificates.
:param policy_certificates: SHA256 Hash of the binary representation certificate which was
added or removed.
:type policy_certificates: ~azure.security.attestation.models.JSONWebKeySet
"""
_attribute_map = {
'policy_certificates': {'key': 'x-ms-policy-certificates', 'type': 'JSONWebKeySet'},
}
def __init__(
self,
*,
policy_certificates: Optional["JSONWebKeySet"] = None,
**kwargs
):
super(PolicyCertificatesResult, self).__init__(**kwargs)
self.policy_certificates = policy_certificates
class PolicyResponse(msrest.serialization.Model):
"""The response to an attestation policy operation.
:param token: An RFC7519 JSON Web Token structure whose body is an PolicyResult object.
:type token: str
"""
_validation = {
'token': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
*,
token: Optional[str] = None,
**kwargs
):
super(PolicyResponse, self).__init__(**kwargs)
self.token = token
class PolicyResult(msrest.serialization.Model):
"""The result of a policy certificate modification.
:param policy_resolution: The result of the operation. Possible values include: "Updated",
"Removed".
:type policy_resolution: str or ~azure.security.attestation.models.PolicyModification
:param policy_token_hash: The SHA256 hash of the policy object modified.
:type policy_token_hash: bytes
:param policy_signer: The certificate used to sign the policy object, if specified.
:type policy_signer: ~azure.security.attestation.models.JSONWebKey
:param policy: A JSON Web Token containing a StoredAttestationPolicy object with the
attestation policy.
:type policy: str
"""
_validation = {
'policy': {'pattern': r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*'},
}
_attribute_map = {
'policy_resolution': {'key': 'x-ms-policy-result', 'type': 'str'},
'policy_token_hash': {'key': 'x-ms-policy-token-hash', 'type': 'base64'},
'policy_signer': {'key': 'x-ms-policy-signer', 'type': 'JSONWebKey'},
'policy': {'key': 'x-ms-policy', 'type': 'str'},
}
def __init__(
self,
*,
policy_resolution: Optional[Union[str, "PolicyModification"]] = None,
policy_token_hash: Optional[bytes] = None,
policy_signer: Optional["JSONWebKey"] = None,
policy: Optional[str] = None,
**kwargs
):
super(PolicyResult, self).__init__(**kwargs)
self.policy_resolution = policy_resolution
self.policy_token_hash = policy_token_hash
self.policy_signer = policy_signer
self.policy = policy
class RuntimeData(msrest.serialization.Model):
"""Defines the "run time data" provided by the attestation target for use by the MAA.
:param data: UTF-8 encoded Runtime Data generated by the trusted environment.
:type data: bytes
:param data_type: The type of data contained within the "data" field. Possible values include:
"Binary", "JSON".
:type data_type: str or ~azure.security.attestation.models.DataType
"""
_attribute_map = {
'data': {'key': 'data', 'type': 'base64'},
'data_type': {'key': 'dataType', 'type': 'str'},
}
def __init__(
self,
*,
data: Optional[bytes] = None,
data_type: Optional[Union[str, "DataType"]] = None,
**kwargs
):
super(RuntimeData, self).__init__(**kwargs)
self.data = data
self.data_type = data_type
class StoredAttestationPolicy(msrest.serialization.Model):
"""StoredAttestationPolicy.
:param attestation_policy: Policy text to set as a sequence of UTF-8 encoded octets.
:type attestation_policy: bytes
"""
_attribute_map = {
'attestation_policy': {'key': 'AttestationPolicy', 'type': 'base64'},
}
def __init__(
self,
*,
attestation_policy: Optional[bytes] = None,
**kwargs
):
super(StoredAttestationPolicy, self).__init__(**kwargs)
self.attestation_policy = attestation_policy
class TpmAttestationRequest(msrest.serialization.Model):
"""Attestation request for Trusted Platform Module (TPM) attestation.
:param data: Protocol data containing artifacts for attestation.
:type data: bytes
"""
_attribute_map = {
'data': {'key': 'data', 'type': 'base64'},
}
def __init__(
self,
*,
data: Optional[bytes] = None,
**kwargs
):
super(TpmAttestationRequest, self).__init__(**kwargs)
self.data = data
class TpmAttestationResponse(msrest.serialization.Model):
"""Attestation response for Trusted Platform Module (TPM) attestation.
:param data: Protocol data containing attestation service response.
:type data: bytes
"""
_attribute_map = {
'data': {'key': 'data', 'type': 'base64'},
}
def __init__(
self,
*,
data: Optional[bytes] = None,
**kwargs
):
super(TpmAttestationResponse, self).__init__(**kwargs)
self.data = data
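Review bot: JSONWebKey._validation marks alg, kid and use as required in addition to kty, although RFC 7517 makes only kty mandatory, and this type is also used for policy_signer and for the entries of JSONWebKeySet; please confirm the service always emits all four members, or relax the requirement in the API specification. The docstrings for e and n say "in Base64" where JWK members are base64url encoded, and PolicyCertificatesResult.policy_certificates (a JSONWebKeySet) is described as a "SHA256 Hash of the binary representation certificate which was added or removed", which looks copied from a thumbprint field; the PolicyResult summary "The result of a policy certificate modification" has the same copy-paste problem. The 'token' and 'policy' patterns are unanchored, so they only check that a JWT-shaped substring is present; anchor them if they are meant to reject malformed tokens.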

View file

@ -0,0 +1,21 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from ._policy_operations import PolicyOperations
from ._policy_certificates_operations import PolicyCertificatesOperations
from ._attestation_operations import AttestationOperations
from ._signing_certificates_operations import SigningCertificatesOperations
from ._metadata_configuration_operations import MetadataConfigurationOperations
__all__ = [
'PolicyOperations',
'PolicyCertificatesOperations',
'AttestationOperations',
'SigningCertificatesOperations',
'MetadataConfigurationOperations',
]

View file

@ -0,0 +1,235 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from .. import models as _models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Optional, TypeVar
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class AttestationOperations(object):
"""AttestationOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def attest_open_enclave(
self,
request, # type: "_models.AttestOpenEnclaveRequest"
**kwargs # type: Any
):
# type: (...) -> "_models.AttestationResponse"
"""Attest to an SGX enclave.
Processes an OpenEnclave report , producing an artifact. The type of artifact produced is
dependent upon attestation policy.
:param request: Request object containing the quote.
:type request: ~azure.security.attestation.models.AttestOpenEnclaveRequest
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AttestationResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.AttestationResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.AttestationResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.attest_open_enclave.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(request, 'AttestOpenEnclaveRequest')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('AttestationResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
attest_open_enclave.metadata = {'url': '/attest/OpenEnclave'} # type: ignore
def attest_sgx_enclave(
self,
request, # type: "_models.AttestSgxEnclaveRequest"
**kwargs # type: Any
):
# type: (...) -> "_models.AttestationResponse"
"""Attest to an SGX enclave.
Processes an SGX enclave quote, producing an artifact. The type of artifact produced is
dependent upon attestation policy.
:param request: Request object containing the quote.
:type request: ~azure.security.attestation.models.AttestSgxEnclaveRequest
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AttestationResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.AttestationResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.AttestationResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.attest_sgx_enclave.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(request, 'AttestSgxEnclaveRequest')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('AttestationResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
attest_sgx_enclave.metadata = {'url': '/attest/SgxEnclave'} # type: ignore
def attest_tpm(
self,
data=None, # type: Optional[bytes]
**kwargs # type: Any
):
# type: (...) -> "_models.TpmAttestationResponse"
"""Attest a Virtualization-based Security (VBS) enclave.
Processes attestation evidence from a VBS enclave, producing an attestation result. The
attestation result produced is dependent upon the attestation policy.
:param data: Protocol data containing artifacts for attestation.
:type data: bytes
:keyword callable cls: A custom type or function that will be passed the direct response
:return: TpmAttestationResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.TpmAttestationResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.TpmAttestationResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
_request = _models.TpmAttestationRequest(data=data)
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.attest_tpm.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(_request, 'TpmAttestationRequest')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('TpmAttestationResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
attest_tpm.metadata = {'url': '/attest/Tpm'} # type: ignore
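Review bot: attest_tpm is documented as "Attest a Virtualization-based Security (VBS) enclave", yet it builds a TpmAttestationRequest and posts to /attest/Tpm; the summary should name TPM attestation so callers do not pick the wrong API. Likewise attest_open_enclave is summarised as "Attest to an SGX enclave" with a request "containing the quote", while the AttestOpenEnclaveRequest field is report. Since the header says the file is generated, these docstring fixes belong in the API specification. In attest_open_enclave and attest_sgx_enclave the request parameter is rebound to the HttpRequest returned by self._client.post, which deserves a distinct local name (attest_tpm already uses _request for the model), and import warnings is unused.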

View file

@ -0,0 +1,96 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from .. import models as _models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Optional, TypeVar
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class MetadataConfigurationOperations(object):
"""MetadataConfigurationOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def get(
self,
**kwargs # type: Any
):
# type: (...) -> object
"""Retrieves the OpenID Configuration data for the Azure Attestation Service.
Retrieves metadata about the attestation signing keys in use by the attestation service.
:keyword callable cls: A custom type or function that will be passed the direct response
:return: object, or the result of cls(response)
:rtype: object
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[object]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('object', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/.well-known/openid-configuration'} # type: ignore
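
Review bot: `get()` deserializes the OpenID configuration as a bare `'object'` (`self._deserialize('object', pipeline_response)`), so callers receive an untyped structure with no check that the fields they will rely on for token validation are present. Consider a typed model for the metadata document, or at least list the expected keys in the docstring. The second docstring line ("Retrieves metadata about the attestation signing keys ...") also reads as if it belongs to the `/certs` operation rather than `/.well-known/openid-configuration`.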


@ -0,0 +1,226 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from .. import models as _models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Optional, TypeVar
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class PolicyCertificatesOperations(object):
"""PolicyCertificatesOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def get(
self,
**kwargs # type: Any
):
# type: (...) -> "_models.PolicyCertificatesResponse"
"""Retrieves the set of certificates used to express policy for the current tenant.
Retrieves the set of certificates used to express policy for the current tenant.
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyCertificatesResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyCertificatesResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyCertificatesResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyCertificatesResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/certificates'} # type: ignore
def add(
self,
policy_certificate_to_add, # type: str
**kwargs # type: Any
):
# type: (...) -> "_models.PolicyCertificatesModifyResponse"
"""Adds a new attestation policy certificate to the set of policy management certificates.
Adds a new attestation policy certificate to the set of policy management certificates.
:param policy_certificate_to_add: An RFC7519 JSON Web Token whose body is an RFC7517 JSON Web
Key object. The RFC7519 JWT must be signed with one of the existing signing certificates.
:type policy_certificate_to_add: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyCertificatesModifyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyCertificatesModifyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyCertificatesModifyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.add.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(policy_certificate_to_add, 'str')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyCertificatesModifyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
add.metadata = {'url': '/certificates:add'} # type: ignore
def remove(
self,
policy_certificate_to_remove, # type: str
**kwargs # type: Any
):
# type: (...) -> "_models.PolicyCertificatesModifyResponse"
"""Removes the specified policy management certificate. Note that the final policy management certificate cannot be removed.
Removes the specified policy management certificate. Note that the final policy management
certificate cannot be removed.
:param policy_certificate_to_remove: An RFC7519 JSON Web Token whose body is an
AttestationCertificateManagementBody object. The RFC7519 JWT must be signed with one of the
existing signing certificates.
:type policy_certificate_to_remove: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyCertificatesModifyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyCertificatesModifyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyCertificatesModifyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.remove.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(policy_certificate_to_remove, 'str')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyCertificatesModifyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
remove.metadata = {'url': '/certificates:remove'} # type: ignore
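
Review bot: `add()` and `remove()` default `content_type` to `application/json` although the body is a JWT string passed through `self._serialize.body(..., 'str')`, while `PolicyOperations.set` and `reset` send the same kind of payload as `text/plain`. Please confirm against the service definition which media type is intended for `/certificates:add` and `/certificates:remove`. The docstrings also say the JWT "must be signed with one of the existing signing certificates" without saying where that is enforced; nothing in these methods checks it, so state that a bad token surfaces only as an `HttpResponseError`. `import warnings` at the top of the file is unused.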


@ -0,0 +1,238 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from .. import models as _models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Optional, TypeVar, Union
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class PolicyOperations(object):
"""PolicyOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def get(
self,
attestation_type, # type: Union[str, "_models.AttestationType"]
**kwargs # type: Any
):
# type: (...) -> "_models.PolicyResponse"
"""Retrieves the current policy for an attestation type.
Retrieves the current policy for an attestation type.
:param attestation_type: Specifies the trusted execution environment to be used to validate the
evidence.
:type attestation_type: str or ~azure.security.attestation.models.AttestationType
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
'attestationType': self._serialize.url("attestation_type", attestation_type, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/policies/{attestationType}'} # type: ignore
def set(
self,
attestation_type, # type: Union[str, "_models.AttestationType"]
new_attestation_policy, # type: str
**kwargs # type: Any
):
# type: (...) -> "_models.PolicyResponse"
"""Sets the policy for a given attestation type.
Sets the policy for a given attestation type.
:param attestation_type: Specifies the trusted execution environment to be used to validate the
evidence.
:type attestation_type: str or ~azure.security.attestation.models.AttestationType
:param new_attestation_policy: JWT Expressing the new policy whose body is a
StoredAttestationPolicy object.
:type new_attestation_policy: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "text/plain")
accept = "application/json"
# Construct URL
url = self.set.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
'attestationType': self._serialize.url("attestation_type", attestation_type, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(new_attestation_policy, 'str')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
set.metadata = {'url': '/policies/{attestationType}'} # type: ignore
def reset(
self,
attestation_type, # type: Union[str, "_models.AttestationType"]
policy_jws, # type: str
**kwargs # type: Any
):
# type: (...) -> "_models.PolicyResponse"
"""Resets the attestation policy for the specified tenant and reverts to the default policy.
Resets the attestation policy for the specified tenant and reverts to the default policy.
:param attestation_type: Specifies the trusted execution environment to be used to validate the
evidence.
:type attestation_type: str or ~azure.security.attestation.models.AttestationType
:param policy_jws: JSON Web Signature with an empty policy document.
:type policy_jws: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: PolicyResponse, or the result of cls(response)
:rtype: ~azure.security.attestation.models.PolicyResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.PolicyResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-10-01"
content_type = kwargs.pop("content_type", "text/plain")
accept = "application/json"
# Construct URL
url = self.reset.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
'attestationType': self._serialize.url("attestation_type", attestation_type, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(policy_jws, 'str')
body_content_kwargs['content'] = body_content
request = self._client.post(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('PolicyResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
reset.metadata = {'url': '/policies/{attestationType}:reset'} # type: ignore
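
Review bot: the `set()` and `reset()` docstrings do not say how `new_attestation_policy` and `policy_jws` must be signed, unlike `PolicyCertificatesOperations.add`, which states that the JWT "must be signed with one of the existing signing certificates". These calls replace or revert the policy used to evaluate evidence, so document the signing requirement, and which key applies, on both parameters. `reset()` also says "for the specified tenant" although there is no tenant parameter; the target is fixed by `instance_url`.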


@ -0,0 +1,96 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from .. import models as _models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Optional, TypeVar
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class SigningCertificatesOperations(object):
"""SigningCertificatesOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~azure.security.attestation.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = _models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def get(
self,
**kwargs # type: Any
):
# type: (...) -> "_models.JSONWebKeySet"
"""Retrieves the attestation signing keys in use by the attestation service.
Retrieves metadata signing certificates in use by the attestation service.
:keyword callable cls: A custom type or function that will be passed the direct response
:return: JSONWebKeySet, or the result of cls(response)
:rtype: ~azure.security.attestation.models.JSONWebKeySet
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["_models.JSONWebKeySet"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
accept = "application/jwk+json, application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'instanceUrl': self._serialize.url("self._config.instance_url", self._config.instance_url, 'str', skip_quote=True),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
error = self._deserialize(_models.CloudError, response)
raise HttpResponseError(response=response, model=error)
deserialized = self._deserialize('JSONWebKeySet', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/certs'} # type: ignore
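
Review bot: in `get()` the docstring summary says "attestation signing keys" while the description says "metadata signing certificates"; pick one wording so callers know this is the key set used to validate tokens returned by the service. This operation also sends no `api-version` query parameter, unlike the `/certificates` and `/policies` operations. If that is intentional for `/certs`, say so in the operation description, since edits to this generated file are lost on regeneration.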


@ -0,0 +1 @@
# Marker file for PEP 561.


@ -0,0 +1,9 @@
-e ../../../tools/azure-sdk-tools
aiohttp>=3.0; python_version >= '3.5'
-e ../../../tools/azure-devtools
-e ../../../tools/azure-sdk-tools
../../core/azure-core
cryptography>=2.1.4
aiohttp>=3.0; python_version >= '3.5'
azure-identity
../../security/azure-security-nspkg
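
Review bot: `-e ../../../tools/azure-sdk-tools` and `aiohttp>=3.0; python_version >= '3.5'` are each listed twice in this file; drop the duplicates. `azure-identity` is the only non-local dependency without a version bound, so consider giving it a lower bound as is done for `cryptography>=2.1.4`.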


@ -0,0 +1,8 @@
[packaging]
package_name = "azure-security-attestation"
package_nspkg = "azure-security-nspkg"
package_pprint_name = "Microsoft Azure Attestation Dataplane"
package_doc_id = ""
is_stable = false
is_arm = true
need_msrestazure = true
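
Review bot: `is_arm = true` and `need_msrestazure = true` look wrong for a package whose `package_pprint_name` is "Microsoft Azure Attestation Dataplane", and the `install_requires` list in setup.py names only `azure-core` and `msrest`. Set both to false, or explain why a data-plane package needs the ARM settings.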


@ -0,0 +1,2 @@
[bdist_wheel]
universal=1


@ -0,0 +1,88 @@
#!/usr/bin/env python
#-------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#--------------------------------------------------------------------------
import re
import os.path
from io import open
from setuptools import find_packages, setup
# Change the PACKAGE_NAME only to change folder and different name
PACKAGE_NAME = "azure-security-attestation"
PACKAGE_PPRINT_NAME = "Attestation"
# a-b-c => a/b/c
package_folder_path = PACKAGE_NAME.replace('-', '/')
# a-b-c => a.b.c
namespace_name = PACKAGE_NAME.replace('-', '.')
# azure v0.x is not compatible with this package
# azure v0.x used to have a __version__ attribute (newer versions don't)
try:
import azure
try:
ver = azure.__version__
raise Exception(
'This package is incompatible with azure=={}. '.format(ver) +
'Uninstall it with "pip uninstall azure".'
)
except AttributeError:
pass
except ImportError:
pass
# Version extraction inspired from 'requests'
with open(os.path.join(package_folder_path, '_version.py'), 'r') as fd:
version = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]',
fd.read(), re.MULTILINE).group(1)
if not version:
raise RuntimeError('Cannot find version information')
with open('README.md', encoding='utf-8') as f:
readme = f.read()
with open('CHANGELOG.md', encoding='utf-8') as f:
changelog = f.read()
setup(
name=PACKAGE_NAME,
version=version,
description='Microsoft Azure {} Client Library for Python'.format(PACKAGE_PPRINT_NAME),
long_description=readme + '\n\n' + changelog,
long_description_content_type='text/markdown',
license='MIT License',
author='Microsoft Corporation',
author_email='azpysdkhelp@microsoft.com',
url='https://github.com/Azure/azure-sdk-for-python',
classifiers=[
'Development Status :: 4 - Beta',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',
'Programming Language :: Python :: 3.8',
'Programming Language :: Python :: 3.9',
'License :: OSI Approved :: MIT License',
],
zip_safe=False,
packages=find_packages(exclude=[
'tests',
# Exclude packages that will be covered by PEP420 or nspkg
'azure',
'azure.security',
]),
install_requires=[
"azure-core<2.0.0,>=1.8.2",
"msrest>=0.6.0",
],
extras_require={
":python_version<'3.0'": ['azure-security-nspkg'],
}
)
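
Review bot: in the version extraction, `re.search(...).group(1)` raises `AttributeError` when `_version.py` has no `VERSION` line, so the following `if not version: raise RuntimeError('Cannot find version information')` never reports that case. Keep the match object, test it for `None`, and only then take `.group(1)`. There is also no `python_requires`, although the classifiers limit support to 2.7 and 3.5 through 3.9.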


@ -0,0 +1,32 @@
interactions:
- request:
body: null
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
User-Agent:
- azsdk-python-security-attestation/1.0.0b1 Python/3.9.0 (Windows-10-10.0.19041-SP0)
method: GET
uri: https://fakeresource.wus.attest.azure.net/certificates?api-version=2020-10-01
response:
body:
string: '{"token":"eyJhbGciOiAiUlMyNTYiLCAiamt1IjogImh0dHBzOi8vcHlsYXJyeW9hdHRlc3RhdGlvbmFhZC53dXMuYXR0ZXN0LmF6dXJlLm5ldC9jZXJ0cyIsICJraWQiOiAiMTVOMk1Ib2o5aUFka0YvYzVuUkUzSjJIQjhKRzZWdWUzVXp2dTNLL1Nlcz0iLCAidHlwIjogIkpXVCJ9.eyJleHAiOiAxNjA3NjI3NDE3LCAiaWF0IjogMTYwNzYyMzgxNywgImlzcyI6ICJodHRwczovL3B5bGFycnlvYXR0ZXN0YXRpb25hYWQud3VzLmF0dGVzdC5henVyZS5uZXQiLCAibmJmIjogMTYwNzYyMzgxNywgIngtbXMtcG9saWN5LWNlcnRpZmljYXRlcyI6IHsia2V5cyI6IFtdfX0.As_5hIHROW75T2CLnx_OZ7siycDsyH29-iX4vp0G5oJeDap7NbqxzNMQKY3NsayORBjVGySdqHpgwlbrQ1gYr9iHB-V7YbkXW3t4xO8RaX5G2iM9f_jeV0m36EBr_ohX7e3ePtVdKhtvWJ7nPPr3cZJjzhdXxLRlHN2DtX1UW1M"}'
headers:
content-length:
- '604'
content-type:
- application/json; charset=utf-8
date:
- Thu, 10 Dec 2020 18:10:17 GMT
server:
- Kestrel
x-ms-maa-service-version:
- 1.10.01432.0002
status:
code: 200
message: OK
version: 1
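
Review bot: the request `uri` is sanitized to `fakeresource.wus.attest.azure.net`, but the `token` in the response body is recorded verbatim, and its base64url-decoded header still carries a `jku` that points at the original instance hostname. If the hostname is meant to be scrubbed, the sanitizer has to rewrite or replace the token as well. The same applies to the other recordings in this change.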


@ -0,0 +1,32 @@
interactions:
- request:
body: null
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
User-Agent:
- azsdk-python-security-attestation/1.0.0b1 Python/3.9.0 (Windows-10-10.0.19041-SP0)
method: GET
uri: https://fakeresource.wus.attest.azure.net/policies/SgxEnclave?api-version=2020-10-01
response:
body:
string: '{"token":"eyJhbGciOiAiUlMyNTYiLCAiamt1IjogImh0dHBzOi8vcHlsYXJyeW9hdHRlc3RhdGlvbmFhZC53dXMuYXR0ZXN0LmF6dXJlLm5ldC9jZXJ0cyIsICJraWQiOiAiMTVOMk1Ib2o5aUFka0YvYzVuUkUzSjJIQjhKRzZWdWUzVXp2dTNLL1Nlcz0iLCAidHlwIjogIkpXVCJ9.eyJleHAiOiAxNjA3NjI3NDE5LCAiaWF0IjogMTYwNzYyMzgxOSwgImlzcyI6ICJodHRwczovL3B5bGFycnlvYXR0ZXN0YXRpb25hYWQud3VzLmF0dGVzdC5henVyZS5uZXQiLCAibmJmIjogMTYwNzYyMzgxOSwgIngtbXMtcG9saWN5IjogImV5SmhiR2NpT2lKdWIyNWxJbjAuZXlKQmRIUmxjM1JoZEdsdmJsQnZiR2xqZVNJNklDSmtiVlo1WXpKc2RtSnFNR2ROVXpSM1R6SkdNV1JIYUhaamJXdzJXVmhTY0dJeU5YbGtWM2hzWXpOMGFrOXNkREJsV0VKc1VGUXdhVXBIYkhwTVYxSnNXVzVXYmxveVJtbGlSMVZwV0ZOQk9WQnBRbmRhV0VwMFlWaFJiMHRVZERsUE1teDZZek5XYUdKdFRteGpibFp6V2xoT04xbDZjR0prU0d4M1dsUXdPVWxwVW5CamVURnJXbGRLTVZveVpHaFpiWGhzU1d3d1oxQlVOR2RoV0U1NlpGZFZiMlJJYkhkYVZEQnBZVmhOZEZwSFZtbGtWMlJ1V1ZkS2MxcFRTWE5KU0Zwb1lraFdiRkJYVFhWa2JVWnpaRmRWY0U4eVRUWlhNMUkxWTBkVk9WQlRTV3RqTW1RMFRGY3hlV015Ykc1aWJWWjVTV3d3WjFCVU5HZGhXRTU2WkZkVmIyUkliSGRhVkRCcFl6SmtORXhYTVhsak1teHVZbTFXZVVscGQyZGtiVVp6WkZkVk9WbDVOVEpaVjNneFdsTnJOMWw2Y0dKa1NHeDNXbFF3T1VscFVucGFNMmQwWWxoS2JHSnRUbk5aV0Zwc1NXd3daMUJVTkdkaFdFNTZaRmRWYjJSSWJIZGFWREJwWXpKa05FeFhNWGxhVnpWcVlrZEdNbHBUU1hOSlNGcG9Za2hXYkZCWFRYVmtiVVp6WkZkVmNFOHlUVFpYTTFJMVkwZFZPVkJUU1d0alNFcDJXa2hXYW1SRE1YQmFRMHBrU1VRd0xVbEhiSHBqTTFac1MwaFNOV05IVlRsSmJrSjVZakpTTVZrelVYUmhWMUZwVEVOQ01sbFhlREZhVkRGcVRHNWFhR0pJVm14TFZIUnFUMngwTUdWWVFteFFWREJwU2toT01tSnBTbVJKUkRBdFNVZHNlbU16Vm14TFNGSTFZMGRWT1VsdVRqSmlhVWx6U1VoYWFHSklWbXhRVjAxMVpHMUdjMlJYVlhCUE1rMDJWek5TTldOSFZUbFFVMGxyWkVkV2JFbHNNR2RRVkRSbllWaE9lbVJYVlc5a1NHeDNXbFF3YVdSSFZteEphWGRuWkcxR2MyUlhWVGxaZVRVeVdWZDRNVnBUYXpkbVZITWlmUS4ifQ.WxQouV6-hQCWim1rds83LE4q_bT7oXF8m4_VHMB74bhIpx3Y4YqoVaQDB_GrV49B2GmGEzvIvt_iKJ91h1YUY0EVW4cj0tZgzX4J-m_eEHQj-_xP9JmPOeNAuP2Z8oin0XYpiltY5IbN7Wcde5pT9Z_CPb9qzwlVFROPIN0Wta0"}'
headers:
content-length:
- '1783'
content-type:
- application/json; charset=utf-8
date:
- Thu, 10 Dec 2020 18:10:19 GMT
server:
- Kestrel
x-ms-maa-service-version:
- 1.10.01432.0002
status:
code: 200
message: OK
version: 1

File diff suppressed because one or more lines are too long


@ -0,0 +1,32 @@
interactions:
- request:
body: null
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
User-Agent:
- azsdk-python-security-attestation/1.0.0b1 Python/3.9.0 (Windows-10-10.0.19041-SP0)
method: GET
uri: https://fakeresource.wus.attest.azure.net/certificates?api-version=2020-10-01
response:
body:
string: '{"token":"eyJhbGciOiAiUlMyNTYiLCAiamt1IjogImh0dHBzOi8vcHlsYXJyeW9hdHRlc3RhdGlvbmlzby53dXMuYXR0ZXN0LmF6dXJlLm5ldC9jZXJ0cyIsICJraWQiOiAiMTVOMk1Ib2o5aUFka0YvYzVuUkUzSjJIQjhKRzZWdWUzVXp2dTNLL1Nlcz0iLCAidHlwIjogIkpXVCJ9.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.UxISbfzH6CjNPIaHDUYfPI8LcR-FkQlN_Qik9zBrlx9st46jE03tAr7XSXvWt5ucxtglGF5SigwDkxQ9A36_PbDiP-JNIbtj3mnrGuXGb4IaS3bLLgCZkvIa-GZPDj0k6wbK2BgHDsn3Utu1b1m4RB3HQktPXZcs2OydiOurJNI"}'
headers:
content-length:
- '2040'
content-type:
- application/json; charset=utf-8
date:
- Thu, 10 Dec 2020 18:10:24 GMT
server:
- Kestrel
x-ms-maa-service-version:
- 1.10.01432.0002
status:
code: 200
message: OK
version: 1


@ -0,0 +1,32 @@
interactions:
- request:
body: null
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
User-Agent:
- azsdk-python-security-attestation/1.0.0b1 Python/3.9.0 (Windows-10-10.0.19041-SP0)
method: GET
uri: https://fakeresource.wus.attest.azure.net/policies/SgxEnclave?api-version=2020-10-01
response:
body:
string: '{"token":"eyJhbGciOiAiUlMyNTYiLCAiamt1IjogImh0dHBzOi8vcHlsYXJyeW9hdHRlc3RhdGlvbmlzby53dXMuYXR0ZXN0LmF6dXJlLm5ldC9jZXJ0cyIsICJraWQiOiAiMTVOMk1Ib2o5aUFka0YvYzVuUkUzSjJIQjhKRzZWdWUzVXp2dTNLL1Nlcz0iLCAidHlwIjogIkpXVCJ9.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.WdWNmJU_GO_djtp2XI5gXxgDho-roroddjTVUXuDhd5SyUyctzbIg9VtxXCAvgziZ8_8OvHOXk7asoz7wq4XqL2VdSQHEkThSL8j1XXBqljRmJgWHNV1r4W4NixY3-j-bP7lw7aKWe-cS8NGn4tIerXBrELqZkKbRfK7aXDmL0E"}'
headers:
content-length:
- '1783'
content-type:
- application/json; charset=utf-8
date:
- Thu, 10 Dec 2020 18:10:25 GMT
server:
- Kestrel
x-ms-maa-service-version:
- 1.10.01432.0002
status:
code: 200
message: OK
version: 1

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,32 @@
interactions:
- request:
body: null
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
User-Agent:
- azsdk-python-security-attestation/1.0.0b1 Python/3.9.0 (Windows-10-10.0.19041-SP0)
method: GET
uri: https://shareduks.uks.test.attest.azure.net/certificates?api-version=2020-10-01
response:
body:
string: '{"token":"eyJhbGciOiAiUlMyNTYiLCAiamt1IjogImh0dHBzOi8vc2hhcmVkdWtzLnVrcy50ZXN0LmF0dGVzdC5henVyZS5uZXQvY2VydHMiLCAia2lkIjogIjNvNE91bjB2SEZHZTF1Rms1MDNKK1EwVE1wZ1NGMncrM1dYUlYyM2IvckE9IiwgInR5cCI6ICJKV1QifQ.eyJleHAiOiAxNjA3NjI3NDMxLCAiaWF0IjogMTYwNzYyMzgzMSwgImlzcyI6ICJodHRwczovL3NoYXJlZHVrcy51a3MudGVzdC5hdHRlc3QuYXp1cmUubmV0IiwgIm5iZiI6IDE2MDc2MjM4MzEsICJ4LW1zLXBvbGljeS1jZXJ0aWZpY2F0ZXMiOiB7ImtleXMiOiBbXX19.JCg0mAjDoNBXkWWHPeSusPUICJfeWn47Ol8hjfJwZPSdCDp9cOLUliC56tpCIv5UvabxKWO002_kfZf_wqU4mSHAQ2Z4EHTdJD_ob3z1B9KK0VqJgPlsGGDUes0oD83768cvVHvyJGePaqICVDd7ltGZb-a--_ohiM8N8pnJZ9Q"}'
headers:
content-length:
- '583'
content-type:
- application/json; charset=utf-8
date:
- Thu, 10 Dec 2020 18:10:31 GMT
server:
- Kestrel
x-ms-maa-service-version:
- 1.10.01439.0001
status:
code: 200
message: OK
version: 1
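
Review bot: The recorded `token` payload decodes to `exp` 1607627431 and `iat` 1607623831, one hour apart and matching the `date` header, so this token is expired for every playback run after 10 Dec 2020. The tests only pass because they decode with `verify_exp: False`; say so in a comment in the test that consumes this recording, so that nobody re-enables expiry checks against recorded responses and nobody copies the disabled check into code that handles live tokens.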

View File

@ -0,0 +1,32 @@
interactions:
- request:
body: null
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
User-Agent:
- azsdk-python-security-attestation/1.0.0b1 Python/3.9.0 (Windows-10-10.0.19041-SP0)
method: GET
uri: https://shareduks.uks.test.attest.azure.net/policies/SgxEnclave?api-version=2020-10-01
response:
body:
string: '{"token":"eyJhbGciOiAiUlMyNTYiLCAiamt1IjogImh0dHBzOi8vc2hhcmVkdWtzLnVrcy50ZXN0LmF0dGVzdC5henVyZS5uZXQvY2VydHMiLCAia2lkIjogIjNvNE91bjB2SEZHZTF1Rms1MDNKK1EwVE1wZ1NGMncrM1dYUlYyM2IvckE9IiwgInR5cCI6ICJKV1QifQ.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.XFTJ_DyIKhzqzxQuung3iGV27HHf6DQxBjgiQ5Hh1HA7gz6362iNSo90B6l5T_LMmZ4srS6FgL1471YWSj28-OVy9C_sm5dHeWIXZaLQHi-tRCGXAi0iSOZwRfRuKa_kKZaZiJ4OtVystH2ainqXaVgNGD-E-n0v9qJbHzF56o0"}'
headers:
content-length:
- '1762'
content-type:
- application/json; charset=utf-8
date:
- Thu, 10 Dec 2020 18:10:33 GMT
server:
- Kestrel
x-ms-maa-service-version:
- 1.10.01439.0001
status:
code: 200
message: OK
version: 1

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,308 @@
# coding: utf-8
#-------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#--------------------------------------------------------------------------
# TEST SCENARIO COVERAGE
# ----------------------
# Methods Total : 7
# Methods Covered : 7
# Examples Total : 7
# Examples Tested : 7
# Coverage % : 100
# ----------------------
import unittest
from devtools_testutils import AzureTestCase, ResourceGroupPreparer, PowerShellPreparer
import functools
import json
import cryptography
import cryptography.x509
import base64
import jwt
import pytest
from azure.security.attestation import AttestationClient
from azure.security.attestation.models import AttestationType
import azure.security.attestation.models
AttestationPreparer = functools.partial(
PowerShellPreparer, "attestation",
# attestation_azure_authority_host='xxx',
# attestation_resource_group='yyyy',
# attestation_subscription_id='xxx',
# attestation_location_short_name='xxx',
# attestation_environment='AzureCloud',
attestation_policy_signing_key0='keyvalue',
attestation_policy_signing_key1='keyvalue',
attestation_policy_signing_key2='keyvalue',
attestation_policy_signing_certificate0='more junk',
attestation_policy_signing_certificate1='more junk',
attestation_policy_signing_certificate2='more junk',
attestation_serialized_policy_signing_key0="junk",
attestation_serialized_policy_signing_key1="junk",
attestation_serialized_policy_signing_key2="junk",
attestation_serialized_isolated_signing_key='yyyy',
attestation_isolated_signing_key='xxxx',
attestation_isolated_signing_certificate='xxxx',
attestation_service_management_url='https://management.core.windows.net/',
# attestation_location='xxxx',
attestation_client_id='xxxx',
attestation_client_secret='secret',
attestation_tenant_id='tenant',
attestation_isolated_url='https://fakeresource.wus.attest.azure.net',
attestation_aad_url='https://fakeresource.wus.attest.azure.net',
# attestation_resource_manager_url='https://resourcemanager/zzz'
)
class AzureAttestationTest(AzureTestCase):
def setUp(self):
super(AzureAttestationTest, self).setUp()
@pytest.mark.live_test_only
def test_shared_getopenidmetadata(self):
attest_client = self.shared_client()
open_id_metadata = attest_client.metadata_configuration.get()
print ('{}'.format(open_id_metadata))
assert open_id_metadata["response_types_supported"] is not None
assert open_id_metadata["jwks_uri"] == self.shared_base_uri()+"/certs"
assert open_id_metadata["issuer"] == self.shared_base_uri()
@AttestationPreparer()
@pytest.mark.live_test_only
def test_aad_getopenidmetadata(self, attestation_aad_url):
attest_client = self.create_client(attestation_aad_url)
open_id_metadata = attest_client.metadata_configuration.get()
print ('{}'.format(open_id_metadata))
assert open_id_metadata["response_types_supported"] is not None
assert open_id_metadata["jwks_uri"] == attestation_aad_url+"/certs"
assert open_id_metadata["issuer"] == attestation_aad_url
@AttestationPreparer()
@pytest.mark.live_test_only
def test_isolated_getopenidmetadata(self, attestation_isolated_url):
attest_client = self.create_client(attestation_isolated_url)
open_id_metadata = attest_client.metadata_configuration.get()
print ('{}'.format(open_id_metadata))
assert open_id_metadata["response_types_supported"] is not None
assert open_id_metadata["jwks_uri"] == attestation_isolated_url+"/certs"
assert open_id_metadata["issuer"] == attestation_isolated_url
def test_shared_getsigningcertificates(self):
attest_client = self.shared_client()
signing_certificates = attest_client.signing_certificates.get()
print ('{}'.format(signing_certificates))
assert signing_certificates.keys is not None
assert len(signing_certificates.keys) != 0
for key in signing_certificates.keys:
assert key.x5_c is not None
x5cs = key.x5_c
assert len(x5cs) >= 1
print('Found key with x5c, length = ', len(x5cs))
for x5c in x5cs:
der_cert = base64.b64decode(x5c)
cert = cryptography.x509.load_der_x509_certificate(der_cert)
print('Cert iss:', cert.issuer, '; subject:', cert.subject)
@AttestationPreparer()
def test_aad_getsigningcertificates(self, attestation_aad_url):
# attest_client = self.aad_client()
attest_client = self.create_client(attestation_aad_url)
signing_certificates = attest_client.signing_certificates.get()
print ('{}'.format(signing_certificates))
assert signing_certificates.keys is not None
assert len(signing_certificates.keys) != 0
for key in signing_certificates.keys:
assert key.x5_c is not None
x5cs = key.x5_c
assert len(x5cs) >= 1
print('Found key with x5c, length = ', len(x5cs))
for x5c in x5cs:
der_cert = base64.b64decode(x5c)
cert = cryptography.x509.load_der_x509_certificate(der_cert)
print('Cert iss:', cert.issuer, '; subject:', cert.subject)
@AttestationPreparer()
def test_isolated_getsigningcertificates(self, attestation_isolated_url):
attest_client = self.create_client(attestation_isolated_url)
signing_certificates = attest_client.signing_certificates.get()
print ('{}'.format(signing_certificates))
assert signing_certificates.keys is not None
assert len(signing_certificates.keys) != 0
for key in signing_certificates.keys:
assert key.x5_c is not None
x5cs = key.x5_c
assert len(x5cs) >= 1
print('Found key with x5c, length = ', len(x5cs))
for x5c in x5cs:
der_cert = base64.b64decode(x5c)
cert = cryptography.x509.load_der_x509_certificate(der_cert)
print('Cert iss:', cert.issuer, '; subject:', cert.subject)
def test_shared_get_policy_sgx(self):
attest_client = self.shared_client()
default_policy_response = attest_client.policy.get(AttestationType.SGX_ENCLAVE)
default_policy = default_policy_response.token
policy_token = jwt.decode(
default_policy,
options={"verify_signature":False, 'verify_exp': False},
leeway=10,
algorithms=["none", "RS256"])
verifyToken=True
unverified_header = jwt.get_unverified_header(policy_token["x-ms-policy"])
if (unverified_header.get('alg')=='none'):
verifyToken = False
policyjwt = jwt.decode(
policy_token["x-ms-policy"],
leeway=10,
algorithms=["none", "RS256"],
options={"verify_signature":False, 'verify_exp': False})
base64urlpolicy = policyjwt.get("AttestationPolicy")
policy = Base64Url.decode(encoded=base64urlpolicy)
print("Default Policy: ", policy)
@AttestationPreparer()
def test_isolated_get_policy_sgx(self, attestation_isolated_url):
attest_client = self.create_client(attestation_isolated_url)
default_policy_response = attest_client.policy.get(AttestationType.SGX_ENCLAVE)
default_policy = default_policy_response.token
policy_token = jwt.decode(
default_policy,
options={"verify_signature":False, "verify_exp": False},
leeway=10,
algorithms=["none", "RS256"])
verifyToken=True
unverified_header = jwt.get_unverified_header(policy_token["x-ms-policy"])
if (unverified_header.get('alg')=='none'):
verifyToken = False
policyjwt = jwt.decode(
policy_token["x-ms-policy"],
leeway=10,
algorithms=["none", "RS256"],
options={"verify_signature":False, 'verify_exp': False})
base64urlpolicy = policyjwt.get("AttestationPolicy")
policy = Base64Url.decode(encoded=base64urlpolicy)
print("Default Policy: ", policy)
@AttestationPreparer()
def test_aad_get_policy_sgx(self, attestation_aad_url):
attest_client = self.create_client(attestation_aad_url)
default_policy_response = attest_client.policy.get(AttestationType.SGX_ENCLAVE)
default_policy = default_policy_response.token
policy_token = jwt.decode(
default_policy,
options={"verify_signature":False, 'verify_exp': False},
leeway=10,
algorithms=["none", "RS256"])
verifyToken=True
unverified_header = jwt.get_unverified_header(policy_token["x-ms-policy"])
if (unverified_header.get('alg')=='none'):
verifyToken = False
policyjwt = jwt.decode(
policy_token["x-ms-policy"],
leeway=10,
algorithms=["none", "RS256"],
options={"verify_signature":False, 'verify_exp': False})
base64urlpolicy = policyjwt.get("AttestationPolicy")
policy = Base64Url.decode(encoded=base64urlpolicy)
print("Default Policy: ", policy)
@AttestationPreparer()
def test_aad_get_policy_management_signers(self, attestation_aad_url):
attest_client = self.create_client(attestation_aad_url)
policy_signers = attest_client.policy_certificates.get()
default_signers = policy_signers.token
policy_token = jwt.decode(
default_signers,
options={"verify_signature":False, 'verify_exp': False},
leeway=10,
algorithms=["none", "RS256"])
print("{}".format(policy_token))
policy_certificates = policy_token["x-ms-policy-certificates"]
assert len(policy_certificates["keys"])==0
def test_shared_get_policy_management_signers(self):
attest_client = self.shared_client()
policy_signers = attest_client.policy_certificates.get()
default_signers = policy_signers.token
policy_token = jwt.decode(
default_signers,
options={"verify_signature":False, 'verify_exp': False},
leeway=10,
algorithms=["none", "RS256"])
print("{}".format(policy_token))
policy_certificates = policy_token["x-ms-policy-certificates"]
assert len(policy_certificates["keys"])==0
@AttestationPreparer()
def test_isolated_get_policy_management_signers(self, attestation_isolated_url):
attest_client = self.create_client(attestation_isolated_url)
policy_signers = attest_client.policy_certificates.get()
default_signers = policy_signers.token
policy_token = jwt.decode(
default_signers,
options={"verify_signature":False, 'verify_exp': False},
leeway=10,
algorithms=["none", "RS256"])
print("{}".format(policy_token))
policy_certificates = policy_token["x-ms-policy-certificates"]
assert len(policy_certificates["keys"])==1
policy_key = policy_certificates["keys"][0]
x5cs = policy_key["x5c"]
assert len(x5cs) != 0
for cert in x5cs:
der_cert = base64.b64decode(cert)
cert = cryptography.x509.load_der_x509_certificate(der_cert)
print('Policy Management Certificate iss:', cert.issuer, '}; subject: ', cert.subject)
def create_client(self, base_uri):
"""
docstring
"""
credential = self.get_credential(AttestationClient)
attest_client = self.create_client_from_credential(AttestationClient,
credential=credential,
instance_url=base_uri)
return attest_client
def shared_client(self):
"""
docstring
"""
return self.create_client(self.shared_base_uri())
@staticmethod
def shared_base_uri():
return "https://shareduks.uks.test.attest.azure.net"
class Base64Url:
@staticmethod
def encode(unencoded):
base64val= base64.b64encode(unencoded)
strip_trailing=base64val.split("=")[0] # pick the string before the trailing =
converted = strip_trailing.replace("+", "-").replace("/", "_")
return converted
@staticmethod
def decode(encoded):
converted = encoded.replace("-", "+").replace("_", "/")
padding_added = converted + "=" * ((len(converted)* -1) % 4)
return base64.b64decode(padding_added)
#------------------------------------------------------------------------------
if __name__ == '__main__':
unittest.main()
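
Review bot: Every `jwt.decode` call in the policy and policy-signer tests passes `"verify_signature":False` and `'verify_exp': False` with `algorithms=["none", "RS256"]`, and the `verifyToken` flag set from the inner header's `alg` is never read, so no test checks that a token was signed by the instance it came from. The signing-certificate tests already fetch `signing_certificates` with `x5c` chains; use those keys to verify RS256 tokens, keep the unverified path only for the `alg` of `none` case that `verifyToken` was meant to mark, and drop `"none"` from the list otherwise. The three `get_policy_sgx` tests also end in a `print` with no assertion on the decoded policy. Separately, `Base64Url.encode` calls `base64val.split("=")` on the bytes returned by `base64.b64encode`, which raises `TypeError` on Python 3; `base64.urlsafe_b64encode(unencoded).rstrip(b"=")` does the same job.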

View File

@ -30,3 +30,5 @@ extends:
Artifacts:
- name: azure_mgmt_attestation
safeName: azuremgmtattestation
- name: azure_security_attestation
safeName: azuresecurityattestation

View File

@ -0,0 +1,170 @@
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
# IMPORTANT: Do not invoke this file directly. Please instead run eng/New-TestResources.ps1 from the repository root.
#Requires -Version 6.0
#Requires -PSEdition Core
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates
# Use same parameter names as declared in eng/New-TestResources.ps1 (assume validation therein).
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
param (
# Captures any arguments from eng/New-TestResources.ps1 not declared here (no parameter errors).
[Parameter(ValueFromRemainingArguments = $true)]
$RemainingArguments
)
$ServiceRegionMap = @{
"east asia" = "EastAsia";
"southeast asia" = "SoutheastAsia";
"east us" = "EastUS";
"east us 2" = "EastUS2";
"west us" = "WestUS";
"west us 2" = "WestUS2";
"central us" = "CentralUS";
"north central us" = "NorthCentralUS";
"south central us" = "SouthCentralUS";
"north europe" = "NorthEurope";
"west europe" = "WestEurope";
"japan east" = "JapanEast";
"japan west" = "JapanWest";
"brazil south" = "BrazilSouth";
"australia east" = "AustraliaEast";
"australia southeast" = "AustraliaSoutheast";
"central india" = "CentralIndia";
"south india" = "SouthIndia";
"west india" = "WestIndia";
"china east" = "ChinaEast";
"china north" = "ChinaNorth";
"us gov iowa" = "USGovIowa";
"usgov virginia" = "USGovVirginia";
"germany central" = "GermanyCentral";
"germany northeast" = "GermanyNortheast";
"uk south" = "UKSouth";
"canada east" = "CanadaEast";
"canada central" = "CanadaCentral";
"canada west" = "CanadaWest";
"central us euap" = "CentralUSEUAP";
}
$AbbreviatedRegionMap = @{
"eastasia" = "easia";
"southeastasia" = "sasia";
"eastus" = "eus";
"eastus2" = "eus2";
"westus" = "wus";
"westus2" = "wus2";
"centralus" = "cus";
"northcentralus" = "ncus";
"southcentralus" = "scus";
"northeurope" = "neu";
"westeurope" = "weu";
"japaneast" = "ejp";
"japanwest" = "wjp";
"brazilsouth" = "sbr";
"australiaeast" = "eau";
"australiasoutheast" = "sau";
"centralindia" = "cin";
"southindia" = "sin";
"westindia" = "win";
"chinaeast" = "ecn";
"chinanorth" = "ncn";
"usgoviowa" = "iusg";
"usgovvirginia" = "vusg";
"germanycentral" = "cde";
"germanynortheast" = "nde";
"uksouth" = "uks";
"canadaeast" = "cae";
"canadacentral" = "cac";
"canadawest" = "caw";
"centraluseuap" = "cuse";
}
# By default stop for any error.
if (!$PSBoundParameters.ContainsKey('ErrorAction')) {
$ErrorActionPreference = 'Stop'
}
function Log($Message) {
Write-Host ('{0} - {1}' -f [DateTime]::Now.ToLongTimeString(), $Message)
}
function New-X509Certificate2([RSA] $rsa, [string] $SubjectName) {
try {
$req = [CertificateRequest]::new(
[string] $SubjectName,
$rsa,
[HashAlgorithmName]::SHA256,
[RSASignaturePadding]::Pkcs1
)
# TODO: Add any KUs necessary to $req.CertificateExtensions
$req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $false))
$NotBefore = [DateTimeOffset]::Now.AddDays(-1)
$NotAfter = $NotBefore.AddDays(365)
$req.CreateSelfSigned($NotBefore, $NotAfter)
}
finally {
}
}
function Export-X509Certificate2([string] $Path, [X509Certificate2] $Certificate) {
$Certificate.Export([X509ContentType]::Pfx) | Set-Content $Path -AsByteStream
}
function Export-X509Certificate2PEM([string] $Path, [X509Certificate2] $Certificate) {
@"
-----BEGIN CERTIFICATE-----
$([Convert]::ToBase64String($Certificate.RawData, 'InsertLineBreaks'))
-----END CERTIFICATE-----
"@ > $Path
}
Log "Running PreConfig script".
$shortLocation = $AbbreviatedRegionMap.Get_Item($Location.ToLower())
Log "Mapped long location name ${Location} to short name: ${shortLocation}"
try {
$isolatedKey = [RSA]::Create(2048)
$isolatedCertificate = New-X509Certificate2 $isolatedKey "CN=AttestationIsolatedManagementCertificate"
$EnvironmentVariables["ATTESTATION_ISOLATED_SIGNING_CERTIFICATE"] = $([Convert]::ToBase64String($isolatedCertificate.RawData, 'None'))
$templateFileParameters.isolatedSigningCertificate = $([Convert]::ToBase64String($isolatedCertificate.RawData, 'None'))
$EnvironmentVariables["ATTESTATION_ISOLATED_SIGNING_KEY"] = $([Convert]::ToBase64String($isolatedKey.ExportPkcs8PrivateKey()))
$EnvironmentVariables["ATTESTATION_SERIALIZED_ISOLATED_SIGNING_KEY"] = $isolatedKey.ToXmlString($True)
}
finally {
$isolatedKey.Dispose()
}
$EnvironmentVariables["ATTESTATION_LOCATION_SHORT_NAME"] = $shortLocation
$templateFileParameters.locationShortName = $shortLocation
Log 'Creating 3 X509 certificates which can be used to sign policies.'
$wrappingFiles = foreach ($i in 0..2) {
try {
$certificateKey = [RSA]::Create(2048)
$certificate = New-X509Certificate2 $certificateKey "CN=AttestationCertificate$i"
$EnvironmentVariables["ATTESTATION_POLICY_SIGNING_CERTIFICATE$i"] = $([Convert]::ToBase64String($certificate.RawData))
$EnvironmentVariables["ATTESTATION_POLICY_SIGNING_KEY$i"] = $([Convert]::ToBase64String($certificateKey.ExportPkcs8PrivateKey()))
$EnvironmentVariables["ATTESTATION_SERIALIZED_POLICY_SIGNING_KEY$i"] = $certificateKey.ToXmlString($True)
$baseName = "$PSScriptRoot\attestation-certificate$i"
Export-X509Certificate2 "$baseName.pfx" $certificate
}
finally {
$certificateKey.Dispose()
}
}
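
Review bot: In the `foreach ($i in 0..2)` loop, `Export-X509Certificate2 "$baseName.pfx" $certificate` writes a PFX with no password into `$PSScriptRoot`, and the certificate returned by `CreateSelfSigned` carries its private key, so three unprotected key files land in the source tree on every run. Nothing visible here reads them back (`$wrappingFiles` collects no output and is not used), and the keys are already exported through `$EnvironmentVariables`, so drop the export or write to a temporary directory that is cleaned up. Also check the lookup result: `$AbbreviatedRegionMap.Get_Item($Location.ToLower())` yields `$null` for a region missing from the map, and the script goes on to pass an empty `locationShortName` to the template. `$ServiceRegionMap` and `Export-X509Certificate2PEM` are unused, and the `finally { }` in `New-X509Certificate2` is empty.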

View File

@ -0,0 +1,70 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"baseName": {
"type": "string",
"defaultValue": "[resourceGroup().name]",
"metadata": {
"description": "The base resource name."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "The location of the resource. By default, this is the same as the resource group."
}
},
"isolatedSigningCertificate": {
"type": "string",
"defaultValue": ""
},
"locationShortName": {
"type": "string",
"defaultValue": ""
}
},
"variables": {
"isolatedTenantName": "[concat('py', concat(parameters('baseName'), 'iso'))]",
"aadTenantName": "[concat('py', concat(parameters('baseName'), 'aad'))]",
"isolatedUri": "[format('https://{0}.{1}.attest.azure.net', variables('isolatedTenantName'), parameters('locationShortName'))]",
"aadUri": "[format('https://{0}.{1}.attest.azure.net', variables('aadTenantName'), parameters('locationShortName'))]",
"PolicySigningCertificates": {
"PolicySigningCertificates": {
"keys": [
{
"kty": "RSA",
"use": "sig",
"x5c": [ "[parameters('isolatedSigningCertificate')]" ]
}
]
}
}
},
"resources": [
{
"type": "Microsoft.Attestation/attestationProviders",
"apiVersion": "2020-10-01",
"name": "[variables('aadTenantName')]",
"location": "[parameters('location')]",
},
{
"type": "Microsoft.Attestation/attestationProviders",
"apiVersion": "2020-10-01",
"name": "[variables('isolatedTenantName')]",
"location": "[parameters('location')]",
"properties": "[variables('PolicySigningCertificates')]"
}
],
"outputs": {
"ATTESTATION_ISOLATED_URL": {
"type": "string",
"value": "[variables('isolatedUri')]"
},
"ATTESTATION_AAD_URL": {
"type": "string",
"value": "[variables('aadUri')]"
}
}
}
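
Review bot: The first `Microsoft.Attestation/attestationProviders` resource ends with a trailing comma after `"location": "[parameters('location')]",` which is not valid JSON; remove it so that strict parsers and linters accept the template. `locationShortName` and `isolatedSigningCertificate` default to `""`, which would produce an empty region label in `isolatedUri` and `aadUri` and an `x5c` entry holding an empty string; make both parameters required (no `defaultValue`) so that a deployment without the pre-script output fails at validation.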

View File

@ -148,6 +148,8 @@ avro<2.0.0,>=1.10.0
#override azure-storage-file-datalake azure-core<2.0.0,>=1.9.0
#override azure-storage-file-datalake msrest>=0.6.10
#override azure-storage-file-datalake azure-storage-blob<13.0.0,>=12.6.0
#override azure-security-attestation msrest>=0.6.0
#override azure-security-attestation azure-core<2.0.0,>=1.8.2
opencensus>=0.6.0
opencensus-ext-threading
opencensus-ext-azure>=0.3.1